Jenkins integration with SCA

I am trying to implement a CI/CD flow to let Jenkins trigger static code scanning. When setting up the Jenkins plugin, it seems there is no way to define the server host of the SCA client. Is it a must to install Fortify on the same host as Jenkins? Thanks!
Accepted Solutions
Micro Focus Expert

In the Fortify Jenkins Plugin User Guide, it mentions there are three ways to integrate SCA scanning with the plugin:

The Fortify Jenkins Plugin provides three ways to analyze your source code:

  • Offload the complete analysis (translation and scan) to Fortify ScanCentral

    See Software Requirements for a list of languages that this method of analysis supports

  • Perform a translation on the local system and then offload the more CPU-intensive scan phase to Fortify ScanCentral

  • Perform the complete analysis (translation and scan) on the local system

    You can run the analysis locally with Gradle, Maven, MSBuild, and Visual Studio (devenv). You can also analyze your source code without a build tool.

Respected Contributor

SCA needs to be available on a Jenkins agent where you want to run the scan, not necessarily the Jenkins host. Schedule your pipeline step to be run on an agent where SCA binaries are available.
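
A local translation and scan pinned to a dedicated agent, as described in the replies above. This is an added example, not part of the original posts or the Fortify documentation. It assumes agents with SCA installed carry the hypothetical label `fortify-sca`, that `sourceanalyzer` is on their PATH, and that the sources live under `src`.

```groovy
// Jenkinsfile (declarative pipeline), illustrative only.
// Assumptions: the 'fortify-sca' label and the 'src' path are hypothetical;
// adjust both to your own agents and repository layout.
pipeline {
    // No global executor: the controller itself never needs SCA installed.
    agent none

    environment {
        // One SCA build ID per job run so concurrent builds do not share state.
        FORTIFY_BUILD_ID = "${env.JOB_BASE_NAME}-${env.BUILD_NUMBER}"
    }

    stages {
        stage('Fortify SCA') {
            // Run only on agents that have the SCA binaries available.
            // Declarative pipelines check out the sources on this agent by default.
            agent { label 'fortify-sca' }
            options { timeout(time: 2, unit: 'HOURS') }
            steps {
                sh '''
                    set -eu
                    # Fail fast with a clear message if the agent is mislabelled.
                    command -v sourceanalyzer >/dev/null || {
                        echo "sourceanalyzer not found on agent $NODE_NAME" >&2
                        exit 1
                    }
                    # Clean any stale state for this build ID.
                    sourceanalyzer -b "$FORTIFY_BUILD_ID" -clean
                    # Translation phase, without a build tool.
                    sourceanalyzer -b "$FORTIFY_BUILD_ID" src
                    # Scan phase: write the results to an FPR file.
                    sourceanalyzer -b "$FORTIFY_BUILD_ID" -scan -f results.fpr
                '''
            }
            post {
                success {
                    // Keep the FPR with the build so the findings can be reviewed.
                    archiveArtifacts artifacts: 'results.fpr', fingerprint: true
                }
            }
        }
    }
}
```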
