Fortify CI Integrations Part 2 (Jenkins, Azure DevOps)
- Published 16 May 2021
- Fortify can integrate with virtually any CI/CD tool in the market. In this session, Diogo Rispoli (Fortify Master Solutions Architect) covers Jenkins and Azure DevOps (24:35).
LEARN MORE about Fortify: www.microfocus.com/en-us/solu...
LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: software.microfocus.com/en-us...
LEARN MORE about how Fortify received the highest score in the Gartner Critical Capabilities for Application Security Testing report for the Enterprise use case AND the Mobile and Client use case: www.microfocus.com/en-us/asse...
SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged
CONNECT with the Fortify Online Community: community.microfocus.com/t5/F...
- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips - Science and Technology
Hi, I'm struggling using the Installer Fortify SCA task from the Azure extension.
Is there any example video of a complete Fortify on-premise integration with Azure DevOps?
I'm having trouble with the path variable and the pipeline is having errors.
If this is for the installation, then the PATH variable needs to point to the directory on the local machine/Azure Agent that has the Fortify installation. The Fortify SCA installer needs to be on your on-premise host machine. If you are using the same OnPremise agent for your builds, you could just install Fortify locally on the host instead of having each build do the installation. As long as SCA is on the PATH, then the underlying build pipelines would be able to use the other Fortify plugins. Thanks for your question!
Any examples on how to create quality gates, as in setting builds with critical or high issues to fail?
I will look into this and get back to you!
Just a question for Azure DevOps.
At the clip's 35:38 mark, you created a Service Connection called SSC-ADO3.
While at the 39:32 mark, while configuring the upload section of the task in the pipeline, you selected the service connection called SSC instead of SSC-ADO3. Any reason for this?
I just checked the whole video and did not see how the "SSC" service connection was created.
I have reached out to the creator of this video for an answer to your question. I should have a response for you within the next few days! Thank you for watching.
Here is the response from the creator of the video: "I just used another connect I had configured and tested before. SSC and SSC-AD03 have the same connection information and were configured the same way."
Hello.
I have a question about Fortify installation. In your example, SSC and the ScanCentral controller are installed on the same server. What if the ScanCentral controller is listening on a public address, and SSC is hidden in a backend zone? Should SSC be exposed publicly to communicate with repositories? Will the controller transmit data from the repo to SSC?
In Azure DevOps the "SSC url" setting is optional.
Hi Pawel! No need to have SSC with a public IP, you can punch a hole in the firewall (ip/port inbound/outbound) to let the controller and SSC communicate. SSC won't be communicating with the repo, the SC controller will send all the data from the scans to SSC and request any information needed using the SSC API.
@FortifyUnplugged Thank you for your answer. It's been a long time since I asked this question. Now I'm a bit familiar with the Fortify environment. Just as you said, external clients connect to the ScanCentral SAST controller only. Public visibility of SSC is strictly not recommended.
Is there any documentation for WebInspect integration with Azure DevOps?
Here you go! www.microfocus.com/documentation/fortify-azure-devops-extension/7.0.0/AzureDO_Ext_Help_7.0.0/index.htm#WebInspect/WI_GetStarted.htm
Excellent, if you could make a short video for .NET Core and React JS with YAML, that will be more helpful.
We can work on a video for .NET Core and React JS. Is this for FoD or On Prem?
24:45 Azure.
Thanks for sharing this timestamp!
How about integration for CircleCI?
Your suggestion has been noted. Thank you!
If you send an email to diogo.rispoli@microfocus.com he can provide you with instructions for the CircleCI integration.
Could you please send us the YAML script?
Sure thing, first I need to know if you need it for Fortify on Demand or On-Prem. Could you please let me know? Thanks!
@FortifyUnplugged Yes, I need it. We are planning on using a self-hosted agent.
Bruh man, that's an unusual accent for me
That would be our good friend Diogo from Brazil!