Fortify Plugin for Bitbucket?

When a developer submits a Pull Request in Bitbucket, I would like to have Bitbucket check with Fortify SSC to see if at least every item in Fortify has been audited. Possibly, down the road, make sure that there are no open issues. Or no open Critical issues. Whatever.

What are your thoughts on such a plugin? Does anybody already do anything like this? Good idea/bad idea?

2 Replies

In general Bitbucket would need to know how to build your code, so it seems to me like the easiest way is to have a CI server (like Jenkins) set up to build your pull request and include a Fortify scan (if feasible). In the case of Jenkins, there is also already a Fortify plugin available.


I've already got that integration in place. What I'm looking to do is add a control on the Pull Request to ensure that the code reviewer has at a minimum audited all of the findings found by Fortify before allowing the code to be merged.

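The control the original poster describes (block the merge until every Fortify finding has been audited, later perhaps until no open Critical issues remain) is a policy check over SSC issue data, and the first reply's point is that it has to run somewhere that already knows the build, i.e. the CI job. The script below is an added example, not code from this thread, from Micro Focus, or from the Fortify Jenkins plugin: it evaluates such a policy over a constructed list of issue records and exits non-zero on failure, which is what a CI step would report back to Bitbucket as the pull request's build status. The record shape (fields `issueName`, `friority`, `audited`, `primaryTag`, `suppressed`) and the "Not an Issue" closing tag are assumptions about what SSC returns; in a real integration the list would come from the SSC REST API for the application version the pull request builds.

```python
"""Pull-request gate over Fortify SSC issue data (hypothetical example).

Not code from the thread or from Fortify. The issue records are constructed,
and the field names below are assumptions about the shape of SSC issue JSON.
"""
import json
import sys
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Tuple

# Constructed sample: what a CI job might receive after asking SSC for the
# issues of the application version built from the pull request.
SAMPLE_ISSUES_JSON = """
[
  {"issueName": "SQL Injection", "friority": "Critical",
   "audited": true, "primaryTag": "Exploitable", "suppressed": false},
  {"issueName": "Cross-Site Scripting: Reflected", "friority": "High",
   "audited": true, "primaryTag": "Not an Issue", "suppressed": false},
  {"issueName": "Path Manipulation", "friority": "Medium",
   "audited": false, "primaryTag": null, "suppressed": false},
  {"issueName": "Password Management: Hardcoded Password", "friority": "Critical",
   "audited": false, "primaryTag": null, "suppressed": false},
  {"issueName": "Dead Code", "friority": "Low",
   "audited": true, "primaryTag": "Not an Issue", "suppressed": true}
]
"""

# Assumed: analysis tags that mean "reviewed, nothing to fix". An issue that
# carries one of these is audited but no longer counts as open.
CLOSING_TAGS = {"Not an Issue"}


@dataclass
class GateResult:
    passed: bool
    violations: List[str] = field(default_factory=list)


def is_open(issue: Dict) -> bool:
    """An issue is open unless it is suppressed or tagged as closed."""
    return not issue.get("suppressed", False) and issue.get("primaryTag") not in CLOSING_TAGS


def evaluate_gate(issues: Iterable[Dict],
                  require_all_audited: bool = True,
                  block_open_priorities: Tuple[str, ...] = ()) -> GateResult:
    """Apply the merge policy to a list of SSC-style issue records.

    require_all_audited   -> every non-suppressed finding must have audited=true
    block_open_priorities -> no open finding may have one of these priorities
    """
    violations: List[str] = []
    for issue in issues:
        if issue.get("suppressed", False):
            continue  # suppressed findings are out of scope for the gate
        label = f"{issue.get('issueName')} [{issue.get('friority')}]"
        if require_all_audited and not issue.get("audited", False):
            violations.append(f"unaudited: {label}")
        if issue.get("friority") in block_open_priorities and is_open(issue):
            violations.append(f"open {issue['friority']}: {label}")
    return GateResult(passed=not violations, violations=violations)


def gate_from_json(text: str, **policy) -> GateResult:
    """Parse the JSON issue list and evaluate it under the given policy."""
    return evaluate_gate(json.loads(text), **policy)


def main() -> int:
    # Stage one of the poster's plan: everything must be audited. Stage two
    # (no open Critical issues) is the same call with block_open_priorities.
    result = gate_from_json(SAMPLE_ISSUES_JSON,
                            require_all_audited=True,
                            block_open_priorities=("Critical",))
    for v in result.violations:
        print(f"FAIL {v}")
    print("gate:", "PASS" if result.passed else "FAIL")
    return 0 if result.passed else 1  # non-zero exit fails the CI step


if __name__ == "__main__":
    sys.exit(main())
```

Keeping the policy as parameters is what makes the poster's "down the road" tightening cheap: the CI job starts with `require_all_audited=True` and later adds `block_open_priorities=("Critical",)` without any change to how the data is fetched or how Bitbucket consumes the build status.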