Fortify On Demand Vulnerability Reporting
This is an Azure DevOps task that gets the latest count of the vulnerabilities in your Fortify On Demand release and then validates that it is below the configured level.
You can configure each level of Critical, High, Medium and Low to make sure it aligns with your limits in the DevOps pipeline. This can prevent new insecure code from ever making it further into the Software Delivery Life Cycle.
The task uses the Fortify On Demand API, and particularly the 'Vulnerabilities' API. You can put this task in either your Build Definition or your Release Pipeline to stop code with more vulnerabilities than your configured amount from progressing further.
Please configure the task variables as below:
Release ID = The Release ID of the scans to validate against.
Max Critical Issues = Maximum Critical Issues
API Key = Fortify API Key
Alert Level = 'error' to escape on breach or 'warning' to only alert on breach
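The sketch below shows how a gate like this can turn per-severity counts, the configured maximums and the Alert Level into a pipeline result. It is an added example, not the extension's own code. The sample records, the `severity` field name, the rule that a breach means a count above the maximum, and the mapping onto Azure DevOps logging commands are all assumptions.

```javascript
// Added example, not the extension's code. Records below are constructed;
// the `severity` field name is an assumed response shape.
const SEVERITIES = ["Critical", "High", "Medium", "Low"];

const SAMPLE_VULNS = [
  { id: 1, severity: "Critical" }, { id: 2, severity: "High" },
  { id: 3, severity: "High" }, { id: 4, severity: "Low" },
];
const SAMPLE_LIMITS = { Critical: 0, High: 5, Medium: 10, Low: 50 };

// Tally findings per severity, rejecting labels outside the four levels.
function countBySeverity(vulns) {
  const counts = { Critical: 0, High: 0, Medium: 0, Low: 0 };
  for (const v of vulns) {
    if (!SEVERITIES.includes(v.severity)) {
      throw new Error(`unknown severity: ${v.severity}`);
    }
    counts[v.severity] += 1;
  }
  return counts;
}

// Compare counts to the configured maximums and map the outcome to a task result.
function evaluateGate(counts, limits, alertLevel) {
  if (alertLevel !== "error" && alertLevel !== "warning") {
    throw new Error("alertLevel must be 'error' or 'warning'");
  }
  const breaches = [];
  for (const severity of SEVERITIES) {
    const max = limits[severity];
    if (max === undefined) continue; // assumption: unset level is not enforced
    if (!Number.isInteger(max) || max < 0) {
      throw new Error(`invalid maximum for ${severity}: ${max}`);
    }
    const found = counts[severity] || 0;
    if (found > max) breaches.push({ severity, found, max }); // assumption: breach means found > max
  }
  const result = breaches.length === 0 ? "Succeeded"
    : alertLevel === "error" ? "Failed" : "SucceededWithIssues";
  // Azure DevOps logging commands: one issue per breach, then the task result.
  const lines = breaches.map(
    (b) => `##vso[task.logissue type=${alertLevel}]${b.severity}: ${b.found} found, maximum ${b.max}`
  );
  lines.push(`##vso[task.complete result=${result};]`);
  return { result, breaches, lines };
}

console.log(evaluateGate(countBySeverity(SAMPLE_VULNS), SAMPLE_LIMITS, "error").lines.join("\n"));
```

With 'warning' the same breach is reported but the result is SucceededWithIssues, so later stages still run; use 'error' where the pipeline must stop.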
If you find any bugs, please raise them on GitHub Issues.
This is not an official task by Fortify, nor is it sponsored by Fortify. The extension is produced independently of Fortify.