filmov
tv
SAST with Fortify SCA: Scanning in an IDE
Показать описание
A demo of using Fortify Static Code Analyzer (SCA) to scan in an IDE.
Fortify Static Code Analyzer (SCA) is the industry-leading SAST (static application security testing) tool. This on-premises tool also powers Fortify on Demand for Fortify on Demand (FoD), which is a complete application security as-a-service (AppSec SaaS) solution with SAST, DAST, IAST, RASP, SCA (open source security), and developer security training.
There are several ways to perform scans using Fortify SCA.
1. From the CLI (command-line interface) or Script that use Source Analyzer
2. From the CLI or Script that use ScanCentral
3. Within a supported IDE (integrated development environment) (this video)
4. As part of a CI Pipeline
This video is part 2 of a series showing each of these methods.
What you can do in a supported IDE with Fortify.
1. Initiate a scan
- performed within the environment
- scan settings can be configured
- manual process
2. View results
- issues grouped into Critical/High/Medium/Low buckets
- issues can be grouped in multiple ways
- view issue details and remediation guidance
- generate reports (some IDEs)
3. Audit results
- add comments to audit history
- raise bug tickets (some IDEs)
- upload results to Fortify Software Security Center (SSC)
- Audit SSC-based results in IDE
4. Fortify Security Assistant
- supports Visual Studio and Eclipse
- plugin finds a subset of issues as developers write their code
- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips
Fortify Static Code Analyzer (SCA) is the industry-leading SAST (static application security testing) tool. This on-premises tool also powers Fortify on Demand for Fortify on Demand (FoD), which is a complete application security as-a-service (AppSec SaaS) solution with SAST, DAST, IAST, RASP, SCA (open source security), and developer security training.
There are several ways to perform scans using Fortify SCA.
1. From the CLI (command-line interface) or Script that use Source Analyzer
2. From the CLI or Script that use ScanCentral
3. Within a supported IDE (integrated development environment) (this video)
4. As part of a CI Pipeline
This video is part 2 of a series showing each of these methods.
What you can do in a supported IDE with Fortify.
1. Initiate a scan
- performed within the environment
- scan settings can be configured
- manual process
2. View results
- issues grouped into Critical/High/Medium/Low buckets
- issues can be grouped in multiple ways
- view issue details and remediation guidance
- generate reports (some IDEs)
3. Audit results
- add comments to audit history
- raise bug tickets (some IDEs)
- upload results to Fortify Software Security Center (SSC)
- Audit SSC-based results in IDE
4. Fortify Security Assistant
- supports Visual Studio and Eclipse
- plugin finds a subset of issues as developers write their code
- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips
0:06:24
SAST with Fortify SCA: Scanning on The Command Line or a Script
0:10:26
SAST with Fortify SCA: Scanning in an IDE
0:04:27
Source Code Review using Fortify Source Code Analyzer | SAST using Fortify SCA
0:08:57
Modular Scanning with Fortify SCA
0:50:26
ScanCentral SAST Installation & Configuration
0:09:26
Scanning your Code with Fortify Static Code Analyzer in Visual Studio (2019)
0:22:51
What is SAST? | AppSec 101
0:04:00
Python Imports in Fortify SCA
0:05:25
SAST using Fortify
0:05:41
Scanning iOS apps with Fortify Static Code Analyzer
0:38:41
Using results from Fortify Static Code Analyzer
0:04:23
Adding SAST into GitHub workflows using Fortify
0:08:52
Visual Studio Code Extension for Fortify Static Code Analyzer
0:06:25
Secure Financial Applications using Fortify SAST (SQL Injection demo)
0:04:49
Dockerfile Scanning with Fortify SCA
0:03:53
Fortify SCA Scan .net with Command Prompt
0:01:16
Using the Fortify SCA Plugin to Scan Code in Visual Studio 2019
0:08:50
Fortify on Demand - 5 Ways to Perform Static Code Scans
0:05:20
Integrating Fortify SAST into a GitHub pipeline
0:15:46
Fortify on Demand - Integrating FoD SAST Scans into CI Pipeline
0:02:02
Fortify SAST + Sonatype SCA for best-in-class code security
0:06:32
Scan mobile session with Fortify SCA
0:09:51
Fortify Software Security Center - Overview & Walkthrough
0:01:59
Running SCA Scan using Command Line
Комментарии