This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
muzilli
Absent Member.
Absent Member.
‎2014-12-03 23:45
5520 views

SonarCube plugin & Fortify

Is there any integration/Fortify plugin available for SonarCube?

-> If YES, the license to use is the same used by the Eclipse plugin, for example?

Thank you in advance,

Marcelo Muzilli

Labels (1)
Labels
0 Likes
Reply
Report Inappropriate Content
4 Replies
gsman1
Absent Member.
Absent Member.
‎2015-02-19 10:23

Yes there is. I'm using Sonar to manage findings instead of SSC. You do loose some functionality that SSC has

Fortify Plugin (1.x) - SonarQube - Codehaus

0 Likes
Reply
Report Inappropriate Content
sspringett
Commodore
Commodore
‎2015-02-27 21:44

Also a soon-to-be option is using ThreadFix. You can either load FPRs into ThreadFix or use the SSC connector. Our entire org puts static, dynamic, other appsec tool outputs, and manual findings into ThreadFix for every application we test.

Denim Group has built a ThreadFix plugin for Sonar which should be out really soon. So your SonarQube dashboard can have quality metrics for ALL of your security tools, not just Fortify.

0 Likes
Reply
Report Inappropriate Content
ellerm
Commodore Commodore
Commodore
‎2015-03-10 12:36

Anyone ever used ThreadFix in conjuction with things like WhiteHat?  One of our biggest issues is trying to get WhiteHat, FoD, Fortify, etc... all in one place so we can have a great security picture.

Thanks,

Mike

0 Likes
Reply
Report Inappropriate Content
bandrzej1
Absent Member.
Absent Member.
‎2015-10-30 19:45

Any updates in feeding Fortify SCA results to ThreadFix for SonarCube results review?
http://docs.sonarqube.org/display/PLUG/Fortify+Plugin

Like , looking into a Proof Of Concept to have our static and dynamic security scanner result types that are supported by ThreadFix to feed into SonarCube for build pass/fail.

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.