Fortify for Jenkins

Supported Products

The Fortify Jenkins plugin adds the ability to perform security analysis with Micro Focus Fortify Static Code Analyzer, upload results to Micro Focus Fortify Software Security Center, show a summary of the analysis results, and set build failure criteria based on analysis results.

Fortify SCA/SSC

The Fortify Jenkins plugin offers the following features:

  • Provides a post-build action to analyze the source with Fortify Static Code Analyzer, update Security Content, upload analysis results to Fortify Software Security Center, and fail the build depending on uploaded results processed by Fortify Software Security Center
  • Provides pipeline support for source code analysis with Fortify Static Code Analyzer, Security Content update, and uploading to Fortify Software Security Center
  • Displays Fortify security analysis results for each Job (a history trend and latest issues from Fortify Software Security Center), and navigates to individual issues on Fortify Software Security Center for detailed analysis

Resources:
Fortify Jenkins Features

Fortify on Demand Jenkins Plugin

Fortify on Demand is a Software as a Service (SaaS) solution that enables your organization to build and expand a Software Security Assurance program easily and quickly. The Fortify on Demand Jenkins Plugin enables users to upload code directly from Jenkins for Static Application Security Testing (SAST). The plugin performs the following tasks:

  • Runs a static assessment for each build triggered by Jenkins.
  • Polls for scan status and scan results.

This plugin requires a Fortify on Demand account. For more information on Fortify on Demand and to request a free trial, see https://software.microfocus.com/en-us/software/fortify-on-demand.

Resources:
Fortify on Demand Jenkins Plugin

About Jenkins

Jenkins is a self-contained, open source automation server that can be used to automate all sorts of tasks related to building, testing, and delivering or deploying software. Jenkins can be installed through native system packages or Docker, or even run standalone on any machine with a Java Runtime Environment (JRE) installed.

Jenkins