Integrating Fortify SAST into a GitHub pipeline

Demo of how easy it is to integrate Fortify SAST scanning into a CI/CD pipeline with GitHub Actions.

GitHub has announced third-party code scanning tools, including static analysis and developer security training. To help development and DevOps teams overcome the challenges of secure coding, GitHub created GitHub Actions. GitHub Actions places flexible automation directly into the developer workflow on GitHub, enabling teams to automate nearly everything in the CI/CD process, including software builds, testing, and deployments. Automation with GitHub Actions also allows security activities to run smoothly throughout the development pipeline.

Fortify is one of the new third-party tools available with GitHub code scanning.

These Fortify Actions on GitHub help streamline developer workflows and empower developers to code more confidently without sacrificing speed or security:

Fortify on Demand Scan: This GitHub Action sets up the Fortify on Demand (FoD) Uploader - also referred to as the FoD Universal CI Tool - to integrate Static Application Security Testing (SAST) into your GitHub workflows. Check it out for details on how to initiate an FoD SAST scan, including polling for completion, in your workflow.

Generate SARIF from Fortify on Demand: The primary use case for this action is after completion of an FoD SAST scan. This GitHub Action invokes the Fortify on Demand (FoD) API to generate a SARIF log file of Static Application Security Testing (SAST) results. The SARIF output is optimized for subsequent import into GitHub, where the findings are displayed as Code Scanning alerts under the Security tab.

Fortify ScanCentral Scan: This GitHub Action sets up the Fortify ScanCentral Client to integrate Static Application Security Testing (SAST) into your GitHub workflows. The action downloads, extracts and caches the specified version of the Fortify ScanCentral Client zip file, and adds the Fortify ScanCentral Client bin directory to the PATH.
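The wiring the actions above imply, as an added example that is not from the video or from Fortify's own documentation: a workflow that checks out the code, sets up the FoD Uploader, and imports the resulting SARIF file into GitHub Code Scanning. The Fortify scan and SARIF-generation commands themselves are not given on this page, so that step is a labelled placeholder; the `security-events: write` permission, the `github/codeql-action/upload-sarif` step and its `sarif_file` input are the real pieces GitHub needs before any third-party SARIF shows up as alerts.

```yaml
# Added example workflow (not the page's own). Assumptions: the Fortify scan
# runs in the placeholder step and writes its SARIF to fortify.sarif; the
# secrets named below are hypothetical and must exist in the repository.
name: Fortify SAST

on:
  push:
    branches: [main]
  pull_request:

# Least privilege for the job: read the code, write only Code Scanning alerts.
# Without security-events: write the SARIF upload step is rejected.
permissions:
  contents: read
  security-events: write

jobs:
  fortify-sast:
    runs-on: ubuntu-latest
    steps:
      - name: Check out source
        uses: actions/checkout@v4

      # Installs the FoD Uploader (FoD Universal CI Tool) described above.
      - name: Set up Fortify on Demand Uploader
        uses: fortify/gha-setup-fod-uploader@v1

      # Placeholder: invoke the FoD scan, poll for completion, and generate
      # the SARIF report. Exact command-line options are not on this page.
      - name: Run FoD SAST scan and export SARIF (placeholder)
        env:
          FOD_USER: ${{ secrets.FOD_USER }}          # hypothetical secret name
          FOD_PASSWORD: ${{ secrets.FOD_PASSWORD }}  # hypothetical secret name
        run: echo "run FoD scan here and write results to fortify.sarif"

      # Import the SARIF into GitHub so findings appear as Code Scanning alerts.
      # category keeps Fortify results separate from any CodeQL upload.
      - name: Upload Fortify SARIF to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: fortify.sarif
          category: fortify-sast
```

Keep credentials in repository or organization secrets rather than in the workflow file, and review the uploaded SARIF size: GitHub rejects files above its documented upload limit, so very large scans may need the report trimmed to the findings you act on.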
