Fortify Software Security Center Application Vulnerability Counts by Priority
In the previous post in this series, I showed you how to pull basic scan information out of the SQL Server database that houses Fortify’s Software Security Center (SSC) data. Fortify’s Static Code Analyzer (SCA) produced the *.fpr output file that populated SSC. In this post, […]
Static Code Analysis
Fortify Static Code Analyzer and Family Reporting: Looking at a Scan
Fortify SCA and SSC Basics: The Scan
If we’re going to write reports based on Fortify Static Code Analyzer (SCA), then we need a source of the information. The output of an SCA scan is an *.fpr file, which contains what SCA thinks are the issues with the code, as well as code snippets, the […]
Introduction: Fortify Static Code Analyzer and Family Reporting
SAST: You Can’t Improve What You Can’t Measure
Protecting your custom applications and data is a never-ending task. It seems like the burden on application architects, designers, and developers has only increased in the world of Continuous Integration/Continuous Deployment (CI/CD). Teams have to find the right mix of tools like Dynamic Application Security Testing tools […]