Absent Member.
Absent Member.
11078 views

Fortify for Groovy & Scala projects

Jump to solution

Does anyone know if/when Fortify will be able to scan Groovy and Scala projects?

Tags (3)
0 Likes
1 Solution

Accepted Solutions
Absent Member.
Absent Member.

Hi Geert, I can confirm both Groovy and Scala on the Fortify radar. Unfortunately I can't give you an idea of when support will be introduced.

If possible I'd recommend you drop an email to fortifytechsupport@hp.com expressing your interest. The support team will then be able to get your name added to the open enhancement requests and keep you posted on any progress.

View solution in original post

0 Likes
16 Replies
Absent Member.
Absent Member.

Hi Geert, I can confirm both Groovy and Scala on the Fortify radar. Unfortunately I can't give you an idea of when support will be introduced.

If possible I'd recommend you drop an email to fortifytechsupport@hp.com expressing your interest. The support team will then be able to get your name added to the open enhancement requests and keep you posted on any progress.

View solution in original post

0 Likes
Absent Member.
Absent Member.

New in SCA 4.30:

"Higher Order Analyzer is provided as a technology preview. For languages other than Java, it enables SCA to perform analysis on higher order functions such as lambdas.

To enable languages for higher order analysis, add a comma-delimited list of languages to the fortify-sca.properties file. For example:

com.fortify.sca.Phase0HigherOrder.Languages=javascript,ruby,python

To enable type inference for languages that are enabled for higher order analysis, add a comma-delimited list of languages to the fortify-sca.properties file. For example:

com.fortify.sca.TypeInferenceLanguages=javascript,ruby,python"

Languages other than Java....? So this could be Scala, Groovy? Or languages that are already supported by SCA?

0 Likes
Absent Member.
Absent Member.

Hi Geert, I'm afraid the Higher Order Analyser is only available for languages already supported by SCA. At present this is the 3 listed in the examples.

While this functionality may ultimately help us in introducing support for both Groovy and Scala in the future, there's nothing specific for either in v4.30. Apologies I don't have better news.

0 Likes
Absent Member.
Absent Member.

Hi Geert, something you may be interested in trying. A few of our PS guys have had some success in scanning the compiled class files from Groovy and Scala since they're compiled into Java bytecode. Bytecode support is available in v4.30 and you can find instructions on enabling it on Page 21 of the .

Of course this isn't actually a supported technique as we don't yet support Groovy or Scala. As such I can't guarantee it will work, but it may give you at least some results until we're able to offer actual support.

0 Likes

I have an interest in this too. Is dropping an email to Fortify Support to express our interest really necessary, or do they read this forum?

0 Likes
Absent Member.
Absent Member.

That's a good idea! I think this forum is actively followed by HP people but not sure if the Fortify Support people do as well so I think it doesn't harm to send an email

0 Likes

Will do.

We should get them involved, since this is a Fortify forum

0 Likes

That didn't work for me, unfortunately.

0 Likes
Absent Member.
Absent Member.

Hey guys, Fortify Support is on here... in fact I'm a member of the Support team myself However it's still always useful to drop an email to fortifytechsupport@hp.com expressing your interest in any new features. That way a tracked support case is opened and either a new enhancement request will be filed which is visible to Product Management or, if one already exists (as they do for both Groovy and Scala), your name and case number will be added to it - throwing that extra bit of weight behind it when PM come to do their planning.

0 Likes

FYI, I conversed with Fortify Support and had them add my name to the list of people requesting Groovy support. However, I was unable to get him to be forthcoming with a timeline for it.

0 Likes

A new version of Fortify and no Groovy support. That's going to make life difficult for us here. Hopefully HP can provide a timeline for it now (?)

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.