SonarQube plugin & Fortify
Is there any integration/Fortify plugin available for SonarQube?
-> If YES, is the license to use it the same one used by the Eclipse plugin, for example?
Thank you in advance,
Also a soon-to-be option is using ThreadFix. You can either load FPRs into ThreadFix or use the SSC connector. Our entire org puts static, dynamic, other appsec tool outputs, and manual findings into ThreadFix for every application we test.
Denim Group has built a ThreadFix plugin for Sonar which should be out really soon. So your SonarQube dashboard can have quality metrics for ALL of your security tools, not just Fortify.
Anyone ever used ThreadFix in conjunction with things like WhiteHat? One of our biggest issues is trying to get WhiteHat, FoD, Fortify, etc. all in one place so we can have a great security picture.
Any updates on feeding Fortify SCA results to ThreadFix for SonarQube results review?