
Using results from Fortify Static Code Analyzer

Fortify Unplugged

This video goes deep into the various ways to use results from Fortify Static Code Analyzer to help you build secure software faster. Common ways to view Fortify on-premise static scan results:
• Within the output from Source Analyzer (or ScanCentral) [4:15]
• Within a Supported IDE [7:05]
• Within Audit Workbench [11:53]
• Within Fortify SSC [20:15]
• Via output From CI Pipeline [25:46]
• Using FPRUtility [28:40]
• Via Fortify generated Reports [30:52]
These are some of the ways to perform scans using Fortify Static Code Analyzer:
1. From the CLI (command-line interface) or a script that uses Source Analyzer (this video)
2. From the CLI or a script that uses ScanCentral
3. Within a supported IDE (integrated development environment)
4. As part of a CI Pipeline
Two earlier videos looked at the ways to perform static scans in Fortify Static Code Analyzer.
• SAST with Fortify: Scanning on The Command Line or a Script ( • SAST with Fortify SCA:... )
• SAST with Fortify: Scanning in an IDE ( • SAST with Fortify SCA:... )
Fortify Results include:
• List of issues found and counts
• Files scanned
• Functions/Methods scanned
• Statistics about the scanned code
• Statistics about the scan environment
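A way to pull the "list of issues found and counts" and "files scanned" out of an FPR without opening Audit Workbench or SSC, as an added Python example that is not code from the video or from Fortify. It assumes an FPR is a zip archive whose audit.fvdl holds Vulnerability/ClassInfo/{Kingdom,Type} and Build/SourceFiles/File/Name elements; the sample FPR it builds is constructed for offline use.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

FVDL_NS = "xmlns://www.fortifysoftware.com/schema/fvdl"  # namespace assumed for audit.fvdl

def _kids(elem, name):
    # Match on the local tag name so the namespace prefix does not matter.
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def _text(elem, *path):
    # Follow a chain of child element names and return the leaf's text ("?" if missing).
    for name in path:
        found = _kids(elem, name)
        if not found:
            return "?"
        elem = found[0]
    return (elem.text or "").strip()

def summarize_fpr(fpr_bytes):
    """Return (issue counts keyed by (Kingdom, Type), list of scanned file names)."""
    with zipfile.ZipFile(io.BytesIO(fpr_bytes)) as archive:
        root = ET.fromstring(archive.read("audit.fvdl"))
    counts = Counter()
    for vuln in (v for vs in _kids(root, "Vulnerabilities") for v in _kids(vs, "Vulnerability")):
        counts[(_text(vuln, "ClassInfo", "Kingdom"), _text(vuln, "ClassInfo", "Type"))] += 1
    files = [_text(f, "Name") for b in _kids(root, "Build")
             for s in _kids(b, "SourceFiles") for f in _kids(s, "File")]
    return counts, files

def build_sample_fpr():
    """Constructed sample FPR: a zip holding a minimal audit.fvdl with three issues."""
    def vuln(kingdom, vtype, sev):
        return (f"<Vulnerability><ClassInfo><Kingdom>{kingdom}</Kingdom><Type>{vtype}</Type>"
                f"</ClassInfo><InstanceInfo><InstanceSeverity>{sev}</InstanceSeverity>"
                "</InstanceInfo></Vulnerability>")
    fvdl = (f'<FVDL xmlns="{FVDL_NS}"><Build><NumberFiles>2</NumberFiles><SourceFiles>'
            '<File type="java"><Name>src/Login.java</Name></File>'
            '<File type="java"><Name>src/Profile.java</Name></File></SourceFiles></Build>'
            "<Vulnerabilities>"
            + vuln("Input Validation and Representation", "SQL Injection", "4.0")
            + vuln("Security Features", "Privacy Violation", "3.0")
            + vuln("Security Features", "Privacy Violation", "3.0")
            + "</Vulnerabilities></FVDL>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("audit.fvdl", fvdl)
    return buf.getvalue()
```

To run it against a real scan, pass the bytes of your .fpr file to `summarize_fpr` instead of `build_sample_fpr()`; the per-category counts are the same numbers the video shows being read out of the FPR, so they can be diffed between a directory scan and a single-file scan.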
Fortify Static Code Analyzer pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them so developers can resolve issues in less time with centralized software security management.
Learn more about Fortify Static Code Analyzer: www.microfocus...
LEARN MORE about Fortify: www.microfocus...
LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: software.micro...
LEARN MORE about how Fortify received the highest score in the Gartner Critical Capabilities for Application Security Testing report for the Enterprise use case AND the Mobile and Client use case: www.microfocus...
SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged
CONNECT with the Fortify Online Community: community.micr...
- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips

Published: 22 Sep 2024

Comments: 4
@harithaguda3715 1 year ago
I have executed a scan for a directory and uploaded the FPR to SSC, where I could see a privacy violation for a file. Later I executed a scan for that particular file and opened the FPR in Audit Workbench; there, this violation type is not listed. Can you please guide me on what I am missing here?
@FortifyUnplugged 1 year ago
Generally speaking, the exact same issues can be seen in Audit Workbench and Fortify SSC, although differences may occur as a result of filter settings. Based on the question, we can't be sure what's going on. One thing that might be the case: Audit Workbench by default opens with the "quick view" filter that hides all issues except the critical ones and a selection of the high-risk ones. By changing this (dropdown in the top-left corner) to "security auditor", you'll get to see all issues, which may help reconcile what you see with SSC. Also, you mention that you were looking at a scan of the directory in SSC and at a scan of a single file in AWB. Many things that Fortify SCA detects are the result of combining information from multiple files; that includes privacy violation issues. So, it also could be the case that Fortify simply didn't find the issue in the single-file scan.
@pavankumar145. 9 months ago
How to set up Fortify in an EC2 Linux instance?
@FortifyUnplugged 8 months ago
This question is a little vague. Do you want to set up Fortify Static Code Analyzer on an Amazon EC2 instance? Or do you want the entire Fortify ecosystem (SSC/ScanCentral/etc.)? I'm not too familiar with EC2, but I believe it's just like a regular VM. If you are asking about installing Fortify Static Code Analyzer, it's just like installing it on any VM. You just need to connect to your instance, transfer the Linux installer to that instance, and run it. Then you should be able to run Static Code Analyzer as usual. Hope that helps!