Micro Focus FortifyBuild better code and secure your software. Use the Micro Focus Fortify Azure DevOps build tasks in your continuous integration builds to identify vulnerabilities in your source code. Fortify Static Code Analyzer is the most comprehensive set of software security analyzers that search for violations of security-specific coding rules and guidelines in a variety of languages. The Fortify Static Code Analyzer language technology provides rich data that enables the analyzers to pinpoint and prioritize violations so that fixes are fast and accurate. Fortify Static Code Analyzer produces analysis information that helps you deliver more secure software, and makes security code reviews more efficient, consistent, and complete. Its design allows you to quickly incorporate new third-party and customer-specific security rules. Fortify on Demand delivers application security as a service, providing customers with the security testing, vulnerability management, expertise, and support needed to easily create, supplement, and expand a Software Security Assurance program. Fortify on Demand static assessments consist of a Fortify Static Code Analyzer scan performed and audited by our team of security experts. Fortify on Demand dynamic assessments mimic real-world hacking techniques and attacks using both automated and manual techniques to provide comprehensive analysis of complex Web applications and services. Featuring Fortify WebInspect for automated dynamic scanning, Fortify on Demand provides a full-service experience, complete with macro creation for authentication and a full audit of results by our experts to remove false positives and improve overall quality. Learn more about Fortify on Demand Fortify WebInspect is the industry leading Web application dynamic security assessment solution designed to thoroughly analyze today’s complex Web applications and Web services for security vulnerabilities. It delivers broad technology coverage, fast scanning capabilities, extensive vulnerability knowledge, and accurate Web application scanning results. Fortify WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities in applications running in development, QA, or production. Learn more about Fortify WebInspect Micro Focus Fortify Azure DevOps build tasksUse the Fortify Azure DevOps build tasks in your continuous integration builds to identify security issues in your source code. Fortify Static Code Analyzer InstallationThe Fortify Static Code Analyzer Installation task automatically installs and configures Fortify Static Code Analyzer. Users are required to prepare the Azure DevOps agent, which will run the Fortify Static Code Analyzer scan task with any dependencies needed to successfully build their software. Fortify Static Code Analyzer AssessmentThe Fortify Static Code Analyzer Assessment task enables you to run Fortify Static Code Analyzer as a build step and passes all parameters required to perform a scan. After the scan is complete, the scan results are available as a Fortify Project Results (FPR) file. The FPR and log files can be published as build artifacts. To review the scan results, download this artifact and open it in either Fortify Audit Workbench (AWB) or Fortify Software Security Center. You can also configure the task to upload the FPR to an existing Fortify Software Security Center server for enterprise vulnerability management. Fortify ScanCentral SAST AssessmentThe Fortify ScanCentral SAST Assessment task automatically submits a static scan request to Fortify ScanCentral SAST as a build step. The task will automatically install the Fortify ScanCentral client if not already installed. You can also upload your results to Fortify Software Security Center. After the scan is complete, you can view the results locally in Fortify Audit Workbench or in Fortify Software Security Center. Fortify ScanCentral DAST AssessmentThe Fortify ScanCentral DAST Assessment task automatically submits a dynamic scan request to Fortify ScanCentral DAST as a build step. After the scan is complete, you can view the results in Fortify Software Security Center. Fortify on Demand Static AssessmentThe Fortify on Demand Static Assessment task automatically submits a static scan request and uploads code to Fortify on Demand as a build step. Users can define scan settings, including scan and audit preferences, open-source component analysis, and specify third-party libraries to include. Once the scan is completed, results are made available through the Fortify on Demand portal and users are notified based on their subscription settings. Fortify on Demand Dynamic AssessmentThe Fortify on Demand Dynamic Assessment task automatically submits a dynamic scan request to Fortify on Demand as a build step. You must configure the dynamic scan settings, including the URL for the machine on which the newly-built and deployed application is hosted, in the Fortify on Demand portal. After the scan is completed, results are made available through the Fortify on Demand portal and users are notified based on their subscription settings. Fortify WebInspect Dynamic AssessmentThe Fortify WebInspect Dynamic Assessment task automatically submits a dynamic scan request to Fortify WebInspect as a build step. Fortify WebInspect scans your Web application or Web services for vulnerabilities based on the settings specified in the Scan Settings file. For instructions on how to configure the Micro Focus Fortify Azure DevOps extension tasks into your build, see https://www.microfocus.com/documentation/fortify-azure-devops-extension |