Fortify Demo with Visual Studio and Azure DevOps (2019)
Вставка
- Опубліковано 7 жов 2024
- End-to-end demo of Fortify on-premise static (with look-in on dynamic) scanning. Topics covered in this video:
Visual Studio Security Assistant (0:32)
Analysis Results from complete scan (3:05)
Azure DevOps pipeline (4:03)
Fortify plug-ins available for Azure DevOps (5:02)
Connecting SSC to IDE to get scan results directly in IDE (5:51)
Quick view for scan results (7:07)
Group by feature for scan results (8:03)
Issue details, remediation advice, etc (9:38)
Creating custom filter sets for Analysis results (12:03)
Adding notes or assignment to issue/sending to Bug Tracker (13:06)
Audit Workbench mention (14:02)
SSC (14:31)
SSC Dashboard (15:19)
Correlation Groups in SSC (16:10)
Application view (17:04)
Issue view, commenting, assigning (17:40)
Group assigning issues (18:43)
JIRA showcase of issues sent from SSC (19:16)
Audit Assistant showcase (21:03)
Reports from IDE (24:07)
Reports from SSC (24:39)
LEARN MORE about Fortify: software.micro...
LEARN MORE about how Micro Focus was named a leader in the 2019 Gartner MQ for Application Security Testing: software.micro...
SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged - Наука та технологія
In addition to the tutorial on the Visual Studio plugin there is an excellent overview of the SSC. This recording was extremely helpful on both topics.
Thanks for watching and commenting!
I cant wait till my company gets another package that can properly scan a .net 6 app. half of the time the fortify analyzer fails to run breaking our build. When it does run it are 99% false positives.
You might have been using an older version of Fortify. We have upgraded the analyzers to fully support .NET 6 and 7. What version is being used?
poor quality audio
thanks for the feedback...we're trying to improve the quality of our recordings...this is due to be refreshed soon.
poor quality video
Thanks for keeping us honest. We're trying to refresh some of these earlier videos.