Automatic Fortify Scan using Jenkins

1. Install Jenkins (download the package for the OS you use from jenkins.io).

2. Once Jenkins is installed, click Manage Jenkins -> Manage Plugins -> Available.

3. In the search box, enter Fortify.

4. Select the checkbox and click Install without restart. This installs the Fortify Jenkins plugin, which provides the pipeline steps (fortifyClean, fortifyTranslate, fortifyScan, fortifyUpload) used below to integrate Jenkins with Software Security Center (SSC).

5. Click Manage Jenkins -> Configure System and fill in the global Fortify settings as follows.

6. In the HP Fortify Assessment section, do the following:

   a. In the URL box, type the URL of the SSC server for which you generated the Jenkins authentication token. The expected format is the base URL including the /ssc/ context path, for example http://nnn.nnn.nnn.nnn:8080/ssc/. Use an https URL outside a lab setup, since the token is sent with every connection.

   b. In the Authentication Token box, enter the authentication token generated on that SSC server.

7. Click Advanced, then Test Connection, and confirm the connection succeeds before continuing.

8. Return to the Dashboard. Now create a job that security-scans your code with Fortify.

9. Click New Item, enter a name for the job, select Pipeline and click OK.

10. In the Pipeline section, select Pipeline script and enter the script below.

node {
    // One build ID shared by clean, translate and scan: all three operate on the same
    // intermediate build session, so a clean run under a different ID leaves stale
    // translation output in place and the scan silently picks it up.
    def fortifyBuildId = 'test'

    stage('Fortify Clean') {
        // Remove intermediate files left by a previous translation of this build ID
        fortifyClean addJVMOptions: '', buildID: fortifyBuildId, logFile: '', maxHeap: ''
    }

    stage('Fortify Translate') {
        // Translate the Java sources into Fortify's intermediate model. javaSrcFiles here
        // points at a local checkout on the author's machine; in a real job it should be the
        // directory the job checks out into the workspace.
        fortifyTranslate addJVMOptions: '', buildID: fortifyBuildId, debug: true, excludeList: '', logFile: '', maxHeap: '',
            projectScanType: fortifyJava(javaAddOptions: '', javaClasspath: '', javaSrcFiles: '/Users/sinhap3/Desktop/eightball', javaVersion: '8'),
            verbose: true
    }

    stage('Fortify Scan') {
        // Analyse the translated code and write the results to res.fpr in the workspace
        fortifyScan addJVMOptions: '', addOptions: '', buildID: fortifyBuildId, customRulepacks: '', logFile: '', maxHeap: '', resultsFile: 'res.fpr'
    }

    stage('Upload Scan to SSC') {
        // Upload res.fpr to the named application version, which must already exist in SSC
        fortifyUpload appName: 'SSC', appVersion: '1.9', failureCriteria: '', filterSet: '', pollingInterval: '', resultsFile: 'res.fpr'
    }
}

11. Click Apply, then Save.

12. Click Build Now.

13. Click the build number -> Workspace and check that the res.fpr results file was produced.

14. The same file is uploaded to SSC, where the findings can be reviewed and audited.
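A fuller version of the same pipeline, added here as an example and not the page's own script: it checks the code out of source control instead of pointing at a local directory, builds it first so the translate step can resolve compiled dependencies, keeps the FPR and logs with the build, and fails the build when SSC reports critical issues. The repository URL, the Maven build command, the application name and version (eightball / 1.0), the log file names and the failureCriteria expression are assumptions for illustration; the empty optional parameters shown in the script above are omitted.

```groovy
// Scripted pipeline (Jenkinsfile) for a Maven-based Java project.
// Assumes: the Fortify Jenkins plugin and the SSC URL/token are configured globally
// (steps 4-7 above), Maven is on the agent's PATH, and an application version
// eightball / 1.0 already exists in SSC. The repository URL is a placeholder.
node {
    def buildId = "eightball-${env.BUILD_NUMBER}"   // unique per run; shared by clean/translate/scan
    def fpr     = 'eightball.fpr'

    stage('Checkout') {
        git url: 'https://git.example.com/eightball.git', branch: 'main'   // placeholder repository
    }

    stage('Build') {
        // Compile and copy the dependency jars so the translator can resolve every type it sees.
        // Unresolved types degrade dataflow results, so this is a correctness step, not an optimisation.
        sh 'mvn -B -DskipTests package dependency:copy-dependencies -DoutputDirectory=target/dependency'
    }

    stage('Fortify Clean') {
        fortifyClean buildID: buildId
    }

    stage('Fortify Translate') {
        fortifyTranslate buildID: buildId,
            projectScanType: fortifyJava(
                javaVersion: '8',
                javaSrcFiles: "${env.WORKSPACE}/src/main/java",
                javaClasspath: "${env.WORKSPACE}/target/dependency/*.jar",
                javaAddOptions: ''
            ),
            logFile: 'fortify-translate.log'   // assumed file name, written into the workspace
    }

    stage('Fortify Scan') {
        fortifyScan buildID: buildId, resultsFile: fpr, logFile: 'fortify-scan.log'
    }

    stage('Keep results') {
        // Archive before uploading so the FPR survives even if the upload stage fails the build
        archiveArtifacts artifacts: "${fpr}, fortify-*.log", fingerprint: true
    }

    stage('Upload Scan to SSC') {
        // failureCriteria is an SSC search expression (assumed syntax): once SSC has processed
        // the upload, the plugin polls it and marks the build failed if any issue matches.
        fortifyUpload appName: 'eightball', appVersion: '1.0', resultsFile: fpr,
            failureCriteria: '[fortify priority order]:critical', pollingInterval: '1'
    }
}
```

Using the Jenkins build number in the build ID keeps each run's translation isolated from the previous one on a shared agent, and archiving the FPR before the upload stage means the results are still attached to the build when the failure criteria stop the pipeline.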