Fortify Plugin for Bitbucket?
When a developer submits a Pull Request in Bitbucket, I would like to have Bitbucket check with Fortify SSC to see if at least every item in Fortify has been audited. Possibly, down the road, make sure that there are no open issues. Or no open Critical issues. Whatever.
What are your thoughts on such a plugin? Does anybody already do anything like this? Good idea/bad idea?
In general, Bitbucket would need to know how to build your code, so it seems to me like the easiest way is to have a CI server (like Jenkins) set up to build your pull request and include a Fortify scan (if feasible). In the case of Jenkins there is also already a Fortify plugin available.
I've already got that integration in place. What I'm looking to do is add a control on the Pull Request to ensure that the code reviewer has at a minimum audited all of the findings found by Fortify before allowing the code to be merged.
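The merge control described in this thread boils down to a policy decision over the issue list SSC holds for the scanned project version. The following is an added example, not code from the thread or from Fortify, that evaluates such a gate: "every open finding audited" and, optionally, "no open findings at the listed severities". The issue records are constructed inline and their field names (`id`, `friority`, `audited`, `suppressed`, `removed`) are assumptions about what an SSC issue listing contains; the REST call that would fetch them from SSC, and the Bitbucket merge-check hook that would consume the result, are left out.

```python
"""Pull-request gate policy over a Fortify SSC issue listing (added example)."""
import json
from dataclasses import dataclass

# Constructed sample data. The field names below are assumptions about the
# shape of an SSC issue record, not a documented schema; adapt them to what
# your SSC version actually returns. Suppressed and removed issues are not
# treated as open, which matches how SSC hides them from the default view.
SAMPLE_ISSUES_JSON = json.dumps({"data": [
    {"id": 1001, "friority": "Critical", "audited": True,  "suppressed": False, "removed": False},
    {"id": 1002, "friority": "High",     "audited": False, "suppressed": False, "removed": False},
    {"id": 1003, "friority": "Critical", "audited": True,  "suppressed": True,  "removed": False},
    {"id": 1004, "friority": "Low",      "audited": True,  "suppressed": False, "removed": False},
    {"id": 1005, "friority": "Critical", "audited": False, "suppressed": False, "removed": True},
]})


@dataclass(frozen=True)
class GatePolicy:
    """What the merge check demands before a pull request may be merged."""
    require_all_audited: bool = True
    # Severities (SSC's "friority" values) that block the merge while any
    # open issue carries them, regardless of whether it has been audited.
    block_open_severities: frozenset = frozenset()


def load_issues(raw_json: str) -> list:
    """Parse the JSON body of an issue listing into a list of issue dicts."""
    return json.loads(raw_json)["data"]


def open_issues(issues: list) -> list:
    """Keep only issues that are neither suppressed nor removed."""
    return [i for i in issues if not i.get("removed") and not i.get("suppressed")]


def evaluate_gate(issues: list, policy: GatePolicy) -> dict:
    """Apply the policy and return a verdict plus the issue ids that failed it."""
    live = open_issues(issues)
    unaudited = sorted(i["id"] for i in live if not i.get("audited"))
    blocking = sorted(i["id"] for i in live
                      if i.get("friority") in policy.block_open_severities)
    passed = (not policy.require_all_audited or not unaudited) and not blocking
    return {"passed": passed, "open": len(live),
            "unaudited": unaudited, "blocking": blocking}


def gate_message(result: dict) -> str:
    """Render the verdict as a one-line comment suitable for posting on the PR."""
    if result["passed"]:
        return f"Fortify gate passed: {result['open']} open issue(s), all audited."
    parts = []
    if result["unaudited"]:
        parts.append(f"{len(result['unaudited'])} unaudited issue(s): "
                     + ", ".join(str(i) for i in result["unaudited"]))
    if result["blocking"]:
        parts.append(f"{len(result['blocking'])} open issue(s) at a blocked severity: "
                     + ", ".join(str(i) for i in result["blocking"]))
    return "Fortify gate failed: " + "; ".join(parts)


if __name__ == "__main__":
    issues = load_issues(SAMPLE_ISSUES_JSON)
    for policy in (GatePolicy(),
                   GatePolicy(block_open_severities=frozenset({"Critical"}))):
        print(gate_message(evaluate_gate(issues, policy)))
```

Starting with the audit-only policy and tightening it later to block open Critical findings, as the original post suggests, is just a change to `GatePolicy`; the merge check itself stays the same.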