FortifyVulnerabilityExporter
Export Fortify vulnerability data to GitHub, GitLab, SonarQube and more
👋 Hello! Not sure if this is the right place to raise this issue, but we've noticed that the way Fortify SCA is generating SARIF documents is causing a bad...
Was wondering if there's any plans to also include Backstage integration? It would be great to have a Backstage plugin similar to the one Snyk created: https://github.com/snyk-tech-services/backstage-plugin-snyk where scan results...
See #70 for background information. Potentially, we should reconsider the ability to process multiple versions/releases if release/version name is omitted from `fod.release.name`/`ssc.version.name` properties. If users want to process all releases/versions...
See https://github.com/fortify/github-action/issues/15 for background information; FVE silently ignores unknown command-line arguments, which can lead to unexpected behavior. For example, if a user or some integration omits quotes around application version/release...
I have a local installation of the Fortify SCA software installed in a GitHub Action container and am able to run a scan and get a resulting *.fpr file that...
Hi, good day! I'm using FortifyVulnerabilityExporter on a sample WebGoat application's scan and trying to export FoD scan results using a customized yml file with export_config: ${{github.workspace}}/MyCustomExportConfig_JSON.yml While exporting I received...
Due to a change in configuration file handling, the GitLab-specific instructions in the README.md file are no longer functional. GitLab seems to be passing `sh` to the Docker container, which...
When using FortifyVulnerabilityExporter with tools that allow import of SCA findings from SSC/FoD, allow Debricked information to be exported as well as Sonatype.
```
Caused by: java.lang.NullPointerException
    at com.fortify.vulnexport.spi.target.vuln.consumer.to.file.stream.MultiOutputStreamFactory$MultiOutputStream.createFileOutputStream(MultiOutputStreamFactory.java:88)
    at com.fortify.vulnexport.spi.target.vuln.consumer.to.file.stream.MultiOutputStreamFactory$MultiOutputStream.(MultiOutputStreamFactory.java:79)
    at com.fortify.vulnexport.spi.target.vuln.consumer.to.file.stream.MultiOutputStreamFactory.createOutputStream(MultiOutputStreamFactory.java:53)
```
It seems like `file.getParentFile()` at https://github.com/fortify/FortifyVulnerabilityExporter/blob/4d8e14b70e7c93e8464607f569803fe27849402b/FortifyVulnerabilityExporter-spi-to/src/main/java/com/fortify/vulnexport/spi/target/vuln/consumer/to/file/stream/MultiOutputStreamFactory.java#L87 may return null if a user specifies a simple file name (rather than...
### Rationale We currently provide [FortifyBugTrackerUtility (FBTU)](https://github.com/fortify-ps/FortifyBugTrackerUtility) for submitting vulnerability data to bug tracking and other external systems. It makes sense to move this functionality to FortifyVulnerabilityExporter (FVE) for various...