dependencytrack / fortify-ssc-plugin
Plugin for Fortify Software Security Center (SSC) that can import Dependency-Track results
Home Page: https://dependencytrack.org/
License: Apache License 2.0
The project could not be analyzed because of maven build errors. Please review the error messages here. Another build will be scheduled within 24 hours. If the build is successful this issue will be closed, otherwise the error message will be updated.
This is an automated GitHub Issue created by Sonatype DepShield. GitHub Apps, including DepShield, can be managed from the Developer settings of the repository administrators.
Issues are synced to Fortify on the schedule even if no new scans or issues are found. This clogs up the Fortify system with repeated analysis result upload activity even though nothing changed.
Can this be enhanced to only sync if there are new issues or new OSS modules found (if OSS tab sync becomes reality)?
I followed this https://docs.dependencytrack.org/integrations/fortify-ssc/ when configuring both Dependency-Track and SSC in order to push findings from DT to Fortify SSC.
One thing is unclear.
I have two projects in DT called abc_test and def_test.
In Fortify SSC I have created two applications, test_abc and test_def.
How exactly should properties be configured in those two DT projects?
In the documentation there is:
Group Name - I have set it to integrations - is that ok?
Property Name fortify.ssc.applicationId - what exactly is applicationId? Should that be fortify.ssc.test_abc, for example?
Property Value - The application version ID in SSC - is that the version name from SSC or something else?
Property Type - that is clear
Fortify has an Open Source Components tab where the OSS used by the app is listed; however, Dependency-Track doesn't pass this info to Fortify. Other plugins such as Sonatype push this data; can this be added to Dependency-Track?
The plugin uses the Dependency-Track proxy configuration.
In my use case, though, feeds go through the proxy because they are outside the organization, while Fortify is on the same network but traffic to it is still forced to be forwarded through the proxy.