Prioritizing your open source issues – Susceptibility analysis with Fortify and Sonatype

Published: 15 February 2025
on channel: Fortify Unplugged

Demo of the susceptibility analysis feature in Fortify Software Security Center (version 20.2) for open source scanning with Sonatype and Fortify.

Fortify can now determine whether you've invoked a function or method and whether an uncontrolled user input can reach that function or method.

We collect method and function signatures based on the Sonatype scan requests we receive for known components. As you ask Sonatype to scan your open source components, for each known vulnerability that has an update (that is, it has been patched) we generate a signature for the affected function or method. That lets us see whether your own custom code actually calls the vulnerable part of the dependency: not just that the dependency is on your class path, but that you have used it in a way that makes you susceptible to that particular vulnerability.
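As an added illustration of that idea (example code, not Fortify's or Sonatype's own), a small Python script that ranks dependency findings by whether the flagged signature is invoked at all and whether an input-handling entry point can reach it; it uses call-graph reachability as a coarse stand-in for the tool's taint analysis, and the signatures, call graph and entry points are all constructed sample values.

```python
from collections import deque

# Constructed sample: method signatures that the dependency scanner ties to
# known, already-patched vulnerabilities in open source components.
VULNERABLE_SIGNATURES = {
    "org.example.xml.Parser.parse(java.lang.String)": "example-xml XXE (fixed in 2.1)",
    "org.example.util.Deserializer.read(byte[])": "example-util deserialization (fixed in 3.0)",
    "org.example.compress.Zip.extract(java.io.File)": "example-compress traversal (fixed in 1.4)",
}
# Constructed call graph of the application's own code: caller -> callees.
CALL_GRAPH = {
    "com.acme.web.UploadServlet.doPost": ["com.acme.svc.ImportService.importXml"],
    "com.acme.svc.ImportService.importXml": ["org.example.xml.Parser.parse(java.lang.String)"],
    "com.acme.batch.Nightly.run": ["com.acme.svc.ArchiveService.unpack"],
    "com.acme.svc.ArchiveService.unpack": ["org.example.compress.Zip.extract(java.io.File)"],
}

# Constructed: methods whose parameters carry uncontrolled user input.
TAINTED_ENTRY_POINTS = {"com.acme.web.UploadServlet.doPost"}

def reachable_from(starts, graph):
    """Every method reachable from `starts` by following call edges (BFS)."""
    seen = set(starts)
    queue = deque(starts)
    while queue:
        for callee in graph.get(queue.popleft(), ()):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def prioritize(signatures, graph, tainted_entry_points):
    """Rank each vulnerable signature: 'susceptible' (user input can reach it),
    'invoked' (called only from untainted code) or 'not-invoked'. Call-graph
    reachability is a coarse over-approximation of real data-flow taint tracking."""
    invoked = {callee for callees in graph.values() for callee in callees}
    tainted = reachable_from(tainted_entry_points, graph)
    ranking = {}
    for sig in signatures:
        if sig in tainted:
            ranking[sig] = "susceptible"
        elif sig in invoked:
            ranking[sig] = "invoked"
        else:
            ranking[sig] = "not-invoked"
    return ranking

if __name__ == "__main__":
    for sig, level in prioritize(VULNERABLE_SIGNATURES, CALL_GRAPH, TAINTED_ENTRY_POINTS).items():
        print(f"{level:<12} {sig}  [{VULNERABLE_SIGNATURES[sig]}]")
```

On the sample data only the XML parser is reachable from user input, the archive extractor is called solely from batch code, and the deserializer sits unused on the class path.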

The combination of Fortify and Sonatype means you can truly help prioritize your open source issues.

The first release is for Java only.

Fortify Static Code Analyzer (SCA) is the industry-leading SAST (static application security testing) tool. This on-premises tool also powers Fortify on Demand (FoD), a complete application security as-a-service (AppSec SaaS) solution with SAST, DAST, IAST, RASP, SCA (software composition analysis for open source security), and developer security training.

LEARN MORE about Fortify: https://www.microfocus.com/en-us/solu...

LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: https://software.microfocus.com/en-us...

LEARN MORE about how Fortify received the highest score in the Gartner Critical Capabilities for Application Security Testing report for the Enterprise use case AND the Mobile and Client use case: https://www.microfocus.com/en-us/asse...

SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged

CONNECT with the Fortify Online Community: https://community.microfocus.com/t5/F...
Connect with peers and share your knowledge
Find solutions and answers to your technical questions
Stay informed on new releases and product enhancements
Access downloads, demos, videos and support tips