Having problems with your account or logging in?
A lot of changes are happening in the community right now. Some may affect you. READ MORE HERE
securecoder Frequent Contributor.
Frequent Contributor.
3619 views

Requirements to execute Fortify scan in Jenkins CI build pipeline

Hello 

I need to execute Fortify scan in Jenkins as part of continuous integration build pipeline.  Code is mostly Java or  Javascript.  Currently Jenkins 2.114 is installed on a Linux VM and Fortify SSC 17.20 is installed on a separate Linux VM.   In order to execute Fortify SCA scan in Jenkins and upload the results to SSC do I need to install SCA on the same VM as Jenkins or can it be installed on the same VM as SSC ?  Please let me know. 

Thanks

NP

 

0 Likes
2 Replies
andersonshatch Honored Contributor.
Honored Contributor.

Re: Requirements to execute Fortify scan in Jenkins CI build pipeline

You need to have SCA installed on the machine where Jenkins will run the builds. For simple Jenkins setups, that's on the same machine where Jenkins itself (the Java webapp) is running, but if you are using master/agent  "distributed builds", you'll need to make sure SCA is available on the agent where the build (and your script calling sourceanalyzer) will actually run. 

SSC does not do sccans, and I wouldn't recommend having SCA scans running on the same machine where you have SSC deployed either.

 

-Josh
Fortify L3 support engineer

Highlighted
agoswami
New Member.

Re: Requirements to execute Fortify scan in Jenkins CI build pipeline

What's the way to setup my javascript project to be able to run fortify scan as a part of jenkins and upload results in SSC?

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.