Static Code Analysis

Fortify Static Code Analyzer And Family Reporting: Basic Statistics

[Figure: Fortify Software Security Center Application Vulnerability Counts by Priority]

In the previous post in this series, I showed you how to pull basic scan information out of the SQL Server database that houses Fortify’s Software Security Center (SSC) data. Fortify’s Static Code Analyzer (SCA) produced the *.fpr output file that populated SSC. In this post, I’ll show […]

Static Code Analysis

Introduction: Fortify Static Code Analyzer and Family Reporting

SAST: You Can’t Improve What You Can’t Measure

Protecting your custom applications and data is a never-ending task. It seems like the burden on application architects, designers, and developers has only increased in the world of Continuous Integration/Continuous Deployment (CI/CD). Teams have to find the right mix of tools like Dynamic Application Security Testing tools (DAST) and Static […]