New user, probably old questions...
Hello, I've signed on to get Fortify services integrated into our development environment.
So I’m looking for information on integrating the Fortify services within our dev environment as seamlessly as possible, ideally through the use of a plugin for Intellij IDEA or, outside of this, the sourceanalyzer command line tool so I can script to it.
I’ve attempted to use sourceanalyzer as per information I’ve found on the web ($: sourceanalyzer @,<projectname>Clean.txt) but not getting a full picture of what’s needed, e.g., I can clean and build using the generated <projectname>Clean.txt and <projectname>Build.txt (generated when I used the Fortify web interface as per instructions initially) but the <projectname>Scan.txt file fails to perform the scan, and I’m not sure what I’m missing since the documentation that I’ve found isn’t clear on the subject (lots of information on using the GUI).
Could someone provide some guidelines on how I might do this? This is a Java 1.8 code base and as mentioned using Intellij as our IDE. The solution I'm attempting to author is targetted to be used in both our local development as well as our CI processes.