This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
Omar Lpz
Captain
Captain
‎2019-06-06 01:06
3440 views

Can Fortify Scan mobile apps made with Xamarin?

Jump to solution

Hi Everyone,

 

I've been using Fortify for a bit now, I know that SCA can scan iOS and Android apps by translating the code for SCA, but I don0t know if I can translate the Xamarin code. This is a client requeriment, they have coded their app using Xamarin with VS IDE, I know that the SCA plug in for VS works well, but we haven't tried with Xamarin yet, so My question is: Can we scan that code normally or there are some additional configurations we should do in order to scan their app?

Thanks in advance.

0 Likes
Reply
Report Inappropriate Content
1 Solution

Accepted Solutions
Raphael Hagi
Commodore
Commodore
‎2019-06-07 17:39

Jump to solution

Yes, you can.

And on FoD you can use the Mobile+, that includes a manual review for your apps and a DAST scan for your backend. Please, check the two papers below:

https://www.microfocus.com/media/data-sheet/fortify_on_demand_ds.pdf

https://www.microfocus.com/media/brochure/fortify_on_demand_mobile_application_security_testing_brochure.pdf


Data, or do not.

View solution in original post

Reply
Report Inappropriate Content
3 Replies
Raphael Hagi
Commodore
Commodore
‎2019-06-06 14:46

Jump to solution

Yes, you can scan this type of projects using msbuild integration for translate phase, check the SCA Guide on page 78: https://www.microfocus.com/documentation/fortify-static-code-analyzer-and-tools/1820/SCA_Guide_18.20.pdf

Try it and come back to tell us what you get.


Data, or do not.
0 Likes
Reply
Report Inappropriate Content
Omar Lpz
Captain
Captain
‎2019-06-07 15:51

Jump to solution

Hi Raphael,

We've tried and it works! Now, can we make the same type of scans in Dortify On Demand? For xamarin app code I mean. Our client is looking forward for the On Demand scheme, so now we are wondering our selves if we can buy assessment units for FoD and run the scan there and compare it with the one we've run with SCA. It's posible to do it like that?

Thanks!

0 Likes
Reply
Report Inappropriate Content
Raphael Hagi
Commodore
Commodore
‎2019-06-07 17:39

Jump to solution

Yes, you can.

And on FoD you can use the Mobile+, that includes a manual review for your apps and a DAST scan for your backend. Please, check the two papers below:

https://www.microfocus.com/media/data-sheet/fortify_on_demand_ds.pdf

https://www.microfocus.com/media/brochure/fortify_on_demand_mobile_application_security_testing_brochure.pdf


Data, or do not.

View solution in original post

Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.