How to use fcli with Fortify Software Security Center (SSC)
- Published 10 Jul 2024
- In this video, Jan Wienand, Fortify Presales Consultant, gives an overview of the Fortify Command Line Interface utility with Fortify Software Security Center.
Timestamps:
00:00 Intro
01:02 General things for fcli
04:45 Demo overview
05:29 Install fcli and activate auto completion
07:28 Create a new SSC session
10:23 View and manage Application Version(s)
13:00 Variables and Upload of Scan Results
17:26 Data Export
19:32 Wrap Up
Commands: github.com/janwienand/fcli-ex...
Documentation: fortify-ps.github.io/fcli/
Releases: github.com/fortify-ps/fcli/re...
LEARN MORE about Fortify: www.microfocus.com/en-us/cybe...
LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: software.microfocus.com/en-us...
CONNECT with the Fortify Online Community: community.microfocus.com/t5/F...
- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips
Hi,
I used the command to create the application but got the error. Can you suggest a solution?
{"message":"An internal error has occurred. Please contact your Fortify System Administrator.","responseCode":500,"errorCode":-10100}
I can't really give useful insights without seeing the initial request. Most likely a problem with one of the user-provided values. I would recommend reaching out to someone on our support team: www.microfocus.com/en-us/contact-support/stackb
How to view the vulnerability count of all the applications at once which includes critical, high, medium and low
Fcli does not provide a single command to do that. Here is an example in PowerShell of how that could be achieved:
# List application versions and parse the JSON into PowerShell objects
$rawJson = fcli ssc appversion list -o json
$convertedJson = ConvertFrom-Json ($rawJson -join "")
# Print the vulnerability count for each application version
foreach ($appversion in $convertedJson) {
    # $(...) is required so that the .Id property is expanded inside the argument
    fcli ssc appversion-vuln count "--appversion=$($appversion.Id)"
}
If you want to aggregate issue counts you could also assign the output of the second fcli command to a variable and do that.
Note that the “ssc appversion-vuln” command is replaced by “ssc vulnerabilities” in 2.0.0
How to populate data for analysis type DVA
What is DVA?
Why are you deleting comments?
We're not intentionally deleting any comments. Did you have a question I can help with?