Note 2: Some of the modules listed above may have fewer than 10 issues, so you may need to run more than one scan.
If you encounter a login screen such as the one below, click "Cancel". We are not using the Fortify Software Security Center (SSC) at this time.
Note 1: Some projects will not scan due to the memory constraints of the system, including openmrs-core. Projects with potential vulnerabilities where scans have completed previously include:
adminui
appointmentscheduling (NOT appointmentschedulingui)
calculation
chartsearch
emrapi
fhir
htmlformentry
idgen
metadatasharing
owa
registrationapp
registrationcore
referenceapplication
reporting
reportingcompatibility
uiframework
uilibrary
Open the VCL reservations page under https://vcl.ncsu.edu.
Create a new reservation of the class instance: CSC515_SoftwareSecurity_Ubuntu.
Set the reservation duration to at least one hour, because Fortify takes a long time to run.
Alternatively, you may extend your reservation by clicking "More Options", then "edit...".
Click "Connect" once the reservation is made. Follow the second part of the instructions in the pop-up window for "Connect to reservation using xRDP for Linux" to connect to VCL.
You may use any remote desktop program you like.
Choose "Use default config" after connecting to VCL.
Ignore any error messages that appear.
Open Eclipse on the Desktop. If Eclipse is not shown on the Desktop, open a terminal and run the command "eclipse".
Use the default workspace "openmrs-eclipse-ws" of Eclipse.
Open Fortify -> Options.
In the popup window, go to Default Project Settings.
In the Memory field under Scan Configuration, enter 4096. Click OK.
In the package explorer, expand the "module" project folder.
Right-click any of the modules and choose "Analyze Project". Fortify will then start analyzing the module. This may take a while (>15 min).
Similarly, if you are asked if you wish to synchronize information with the server, click "no". We are not using a server with Fortify at this time.
A Fortify scan can also be run by selecting the project you wish to analyze, then selecting Fortify -> Analyze Project in the toolbar.
The Fortify Audit Perspective should open automatically when the scan completes. If it does not open and you wish to change to the Fortify Audit Perspective, select Window -> Perspective -> Open Perspective -> Other in the toolbar.
In the subsequent popup, select Fortify Audit, then click "Open".
The UI should transition to the Fortify Audit Perspective.