Demo of how easy it is to integrate Fortify SAST scanning into a CI/CD pipeline with GitHub Actions.
GitHub has announced support for third-party code scanning tools, including static analysis and developer security training. To help development and DevOps teams overcome the challenges of secure coding, GitHub created GitHub Actions. GitHub Actions places flexible automation directly into the developer workflow on GitHub, enabling teams to automate nearly everything in the CI/CD process, including software builds, testing, and deployments. Automation with GitHub Actions also allows security activities to run smoothly throughout the development pipeline.
Fortify is one of the new third-party tools available with GitHub code scanning.
Check out the Fortify Actions on GitHub: https://github.com/marketplace?type=a...
These Fortify Actions on GitHub help streamline developer workflows and empower developers to code more confidently without sacrificing speed or security:
Fortify on Demand Scan: This GitHub Action sets up the Fortify on Demand (FoD) Uploader - also referred to as the FoD Universal CI Tool - to integrate Static Application Security Testing (SAST) into your GitHub workflows. Check it out for details on how to initiate an FoD SAST scan, including polling for completion, in your workflow.
Generate SARIF from Fortify on Demand: The primary use case for this action is after completion of an FoD SAST scan. This GitHub Action invokes the Fortify on Demand (FoD) API to generate a SARIF log file of Static Application Security Testing (SAST) results. The SARIF output is optimized for subsequent import into GitHub to display vulnerabilities in the Security tab's Code Scanning Alerts.
Fortify ScanCentral Scan: This GitHub Action sets up the Fortify ScanCentral Client to integrate Static Application Security Testing (SAST) into your GitHub workflows. This action downloads, extracts and caches the specified version of the Fortify ScanCentral Client zip file, and adds the Fortify ScanCentral Client bin directory to the PATH.
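As an added illustration (not a workflow from the video or from Fortify's own documentation), here is what the FoD flow described above looks like as a single GitHub Actions workflow: set up the FoD Uploader, run the scan and wait for completion, convert the results to SARIF, then upload the SARIF to Code Scanning. The action names, their inputs, the Uploader's command-line flags and the secret names are assumptions recalled from memory, not taken from the page; verify them against the current action READMEs before use. The permissions block is the least-privilege set the SARIF upload needs.

```yaml
name: Fortify on Demand SAST (added example, not from the page)
on: [push, pull_request]

permissions:
  contents: read          # least privilege: the job only reads source
  security-events: write  # required to upload SARIF to Code Scanning

jobs:
  fod-sast:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # ASSUMED action name: installs the FoD Uploader (Universal CI Tool)
      # and exposes its jar path in the FOD_UPLOAD_JAR environment variable.
      - uses: fortify/gha-setup-fod-uploader@v1

      # Package the source for upload (excluding .git); credentials come
      # from repository secrets, never from the workflow file itself.
      - name: Package and start FoD SAST scan, polling until complete
        run: |
          zip -qr package.zip . -x '.git/*'
          # ASSUMED flags: -z zip, -aurl/-purl endpoints, -rid release id,
          # -ac API credentials, -ep/-pp entitlement and policy preference,
          # -I 1 handle an in-progress scan, -apf wait for the scan to finish.
          java -jar "$FOD_UPLOAD_JAR" -z package.zip \
            -aurl https://api.ams.fortify.com -purl https://ams.fortify.com \
            -rid "${{ secrets.FOD_RELEASE_ID }}" \
            -ac "${{ secrets.FOD_API_KEY }}" "${{ secrets.FOD_API_SECRET }}" \
            -ep 2 -pp 0 -I 1 -apf

      # ASSUMED action name and inputs: pulls SAST results via the FoD API
      # and writes a SARIF file for GitHub to ingest.
      - uses: fortify/gha-fod-generate-sarif@v1
        with:
          base-url: https://ams.fortify.com
          tenant: ${{ secrets.FOD_TENANT }}
          user: ${{ secrets.FOD_USER }}
          password: ${{ secrets.FOD_PAT }}
          release-id: ${{ secrets.FOD_RELEASE_ID }}
          output: ./sarif/output.sarif

      # GitHub's own upload action: results appear under Security > Code scanning.
      - uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: ./sarif/output.sarif
```

Pin the action references to a full commit SHA rather than a floating tag in production so that a compromised upstream tag cannot silently change what runs with your FoD credentials.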
LEARN MORE about Fortify: https://www.microfocus.com/en-us/solu...
LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: https://software.microfocus.com/en-us...
LEARN MORE about how Fortify received the highest score in the Gartner Critical Capabilities for Application Security Testing report for the Enterprise use case AND the Mobile and Client use case: https://www.microfocus.com/en-us/asse...
SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged
CONNECT with the Fortify Online Community: https://community.microfocus.com/t5/F...
Connect with peers and share your knowledge
Find solutions and answers to your technical questions
Stay informed on new releases and product enhancements
Access downloads, demos, videos and support tips