Utility to synchronize FoD releases and scan results to SSC

fortify/FortifySyncFoDToSSC

Fortify FoD to SSC Synchronization Utility

Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your software supply chain. As the sole Code Security solution with over two decades of expertise and acknowledged as a market leader by all major analysts, Fortify delivers the most adaptable, precise, and scalable AppSec platform available, supporting the breadth of tech you use and integrated into your preferred toolchain. We firmly believe that your great code demands great security, and with Fortify, go beyond 'check the box' security to achieve that.

This stand-alone utility allows for automated, scheduled synchronization of Fortify on Demand (FoD) application releases and scans with Fortify Software Security Center (SSC). This functionality is based on two tasks that run automatically on a configurable schedule:

  • Link Releases task:
    • Based on configurable filtering criteria, look for FoD releases that have not yet been linked to an SSC application version
    • If a similarly named SSC application version already exists, link the FoD release to that application version
    • Optionally create a new SSC application version with the same name as the FoD application release
  • Sync Scans task:
    • Iterate over all SSC application versions that have been previously linked (either automatically or manually) to an FoD release
    • Check whether any new scans exist on the FoD release
    • If so, download the scan from FoD and upload it to SSC

Support

For general assistance, please join the Fortify Community to get tips and tricks from other users and the OpenText team.

OpenText customers can contact our world-class support team for questions, enhancement requests and bug reports. You can also raise questions and issues through your OpenText Fortify representative, such as your Customer Success Manager or Technical Account Manager, if applicable.

You may also consider raising questions or issues through the GitHub Issues page (if available for this repository), providing public visibility and allowing anyone (including all contributors) to review and comment on your question or issue. Note that this requires a GitHub account, and given public visibility, you should refrain from posting any confidential data through this channel.


This document was auto-generated from README.template.md; do not edit by hand
