Hi,
We wish to add a new task in fortify plugin because the plugin task is only to check compliance. This task is not enough for us, we need a new task in in the plugin to get by application/version the number of vulnerabilities (critical, high, warning)
Regards,
by: Charlemagne T. | over a year ago | Integrations
Comments
Thank you for the request!
This is not yet on our integration roadmap for Denali release (October, 2023). Our integrations serve multiple customers, and we will look for a broader set of users voting and providing their feedback about the changes.
Hello,
We need this plugin evolution because Fortify is a mandatory gate before allowing a release to go in production for our customer. When they deploy with Release they use a gate task per deployment and this is use to know the number of vulnerabilities. For example they want to be able to block the deployment when the number critical vulnerabilities is more than one. This gate is very important for the security of customers environnements.
Regards,
Here's some argument to explain why this plugin must be upgraded, otherwise, it's not usable:
◾ Full Understanding:
Digital.ai Release Fortify Check Compliance provides a general overview of compliance, but doesn't offer insights into specific vulnerabilities. Having access to the list of vulnerabilities categorized by severity allows for a comprehensive understanding of security issues that exist within the code and can be use to choose between going on the release or stopping it.
◾ Compliance with Standards and Regulations: In many industries like banks, there are strict standards and regulations concerning data security. Having a detailed list of vulnerabilities ensures that the ops complies with these standards and eventually stop the deployment if something is wrong.
◾ Traceability: Having a detailed record of identified vulnerabilities contributes to traceability.
◾ Resource Allocation: By knowing the specific vulnerabilities and their severity, teams can more efficiently allocate the necessary resources to address them. This avoids wasting time and money on issues that are not critical to continue the release deployment.
◾ Continuous Security Improvement: Security is a continuous process, not a one-time state. Having access to a detailed list of vulnerabilities helps in setting benchmarks and tracking progress over time, thus fostering
Could you please provide more details about the specific version of Fortify that you are using?
The version is 21.1.5.0002
Hi
You will find below the needed informations :
Le SSC : 21.1.5.0002
le sensor : 21.1.0.0162
le controller : 21.1.4.0002
Regards,
Scheduled for release in spring 2024 (E-wave), we are planning to include this item. To ensure that we effectively meet your requirements, we would like to schedule a working session to gain a comprehensive understanding of your use case starting from October, 2023. Additionally, we would like to leverage your dev customer instance for testing and validation, because of the limited availability of Fortify license.
we will be available for a working session and also to share our experience with fortify
This update is accessible in the Early Access 24.1 beta5 version on the distribution side https://dist.xebialabs.com/customer/early-access/. We encourage you to test it and share your feedback with us.