Fortify集成(chéng)生态系統

【概要描述】

分類：新聞資訊
作者：
來源：
發(fā)布時(shí)間：2021-03-19
訪問量：0

詳情

DevOps 和應用程序安全

在整個軟件開(kāi)發(fā)生命周期 (SDLC) 中，應用程序安全必須是無縫的。經(jīng)過(guò)精心設計，Fortify 應用程序安全成(chéng)爲了 DevOps 流程的内置屬性。企業規模的 DevOps 速度并不意味著(zhe)犧牲安全性或將(jiāng)業務置于危險之中。

集成(chéng)到您使用的工具中，以便您盡早且頻繁地測試您的應用程序，發(fā)現安全問題并進(jìn)行修複，這(zhè)一流程是開(kāi)發(fā)測試周期的一部分。我們的集成(chéng)生态系統：

- 便于開(kāi)發(fā)人員使用

- 充分利用現有工具的投資

- 將(jiāng)安全性嵌入到您當前的流程中以減少摩擦

在我們的 API 中，Swagger 被用于提供文檔/API 自我參考。我們的 Fortify Github 頁面(miàn)中有多個項目以及關于如何利用各種(zhǒng) API 頻繁執行所要求的任務的示例。API 參考内置在産品中，可以通過(guò)各個産品的互聯網界面(miàn)訪問。

Fortify SAST 爲超過(guò) 27 種(zhǒng)主要語言及其框架提供精準的支持，并由業界領先的軟件安全研究 (SSR) 團隊提供靈活的更新支持。

使您的應用程序具有廣泛的漏洞覆蓋範圍，包括 1000 多個 SAST 漏洞分類，以确保符合 OWASP Top 10、CWE/SANS Top 25、DISA STIG 和 PCI DSS 等标準。

對(duì)開(kāi)發(fā)人員友好(hǎo)的語言覆蓋範圍——支持：ABAP/BSP、ActionScript、Apex、ASP.NET、C# (.NET)、C/C++、Classic ASP（含 VBScript）、COBOL、ColdFusion CFML、Go、HTML、Java（包括 Android）、JavaScript/AJAX、JSP、Kotlin、MXML(Flex)、Objective C/C++、PHP、PL/SQL、Python、Ruby、Swift、T-SQL、VB.NET、VBScript、Visual Basic 和 XML

如需查看當前支持的語言、版本和框架的完整列表，請訪問我們的詳細列表

支持的編程語言

Fortify Static Code Analyzer
支持的編程語言

Language / Frameworks	Versions
.NET Framework	2.0–4.8
.NET Core	2.0–3.1
ABAP/BSP	6 Note: Fortify ABAP Extractor is supported on a system running SAP release 7.02, SP level 0006.
ActionScript	3.0
Apex	36
ASP.NET	2.0–4.8
C#	5, 6, 7, 8
C/C++	See Compilers.
Classic ASP (with VBScript)	2.0, 3.0
COBOL	IBM Enterprise COBOL for z/OS 6.1 (and earlier) with CICS, IMS, DB2, and IBM MQ
ColdFusion	8, 9, 10
Go	1.12, 1.13 Note: Scanning Go code is supported on Windows and Linux.
HTML	5 and earlier
Java (including Android)	5, 6, 7, 8, 9, 10, 11, 12, 13, 14
JavaScript	ECMAScript 2015–2020
JSP	1.2, 2.1
Kotlin	1.3.50
MXML (Flex)	4
Objective-C/C++	See Compilers.
PHP	5.3, 5.4, 5.5, 5.6, 7.0, 7.1
PL/SQL	8.1.6
Python	2.6, 2.7, 3.x (3.8 and earlier)
Ruby	1.9.3
Scala	2.11, 2.12, 2.13 Note: Scanning Scala code requires a standard Lightbend Enterprise Suite license
Swift	5 Note: See Compilers for supported swiftc versions.
T-SQL	SQL Server 2005, 2008, 2012
TypeScript	2.8, 3.x, 4.0
VBScript	2.0, 5.0
Visual Basic (VB.NET)	11, 14, 15.x, 16.0
Visual Basic	6.0
XML	1.0

支持的構建工具

Fortify Static Code Analyzer
支持的構建工具

Build Tool	Versions	Notes
Ant	1.10.x and earlier
Bamboo	(see the Atlassian Marketplace for supported versions)	The Fortify App for Bamboo is available from the Atlassian Marketplace.
Gradle	6.6.x and earlier	The Fortify Static Code Analyzer Gradle build integration supports the following language/platform combinations: Java/Windows, Linux, and macOS Kotlin/Windows and Linux C/Linux C++/Linux
Jenkins	(see the Jenkins Plugin Index for supported versions)	The Fortify Jenkins plugin is available from the Jenkins Plugins Index at https://plugins.jenkins.io/fortify.
Maven	3.0.5, 3.5.x, 3.6.x
MSBuild	4.x, 12.0, 14.0, 15.x, 16.4, 16.6
Xcodebuild	11, 11.1, 11.2.1, 11.3, 11.3.1, 11.4.1, 11.5, 11.6, 11.7, 12, 12.0.1, 12.1, 12.2, 12.3

支持的編譯器

Fortify Static Code Analyzer
支持的編譯器

Compiler	Versions	Platform
gcc	GNU gcc 4.9, 5.x	Windows, Linux, macOS
g++	GNU g++ 4.9, 5.x	Windows, Linux, macOS
OpenJDK javac	9, 10, 11, 12, 13, 14	Windows, Linux, macOS
Oracle javac	7, 8, 9	Windows, Linux, macOS
cl	2015, 2017, 2019	Windows
Intel C++ Compiler	icc 8.0	Linux
Clang	11.0.0, 11.0.3, 12.0.0¹	macOS
Swiftc	5.1, 5.1.2, 5.1.3, 5.2.2, 5.2.4, 5.3, 5.3.1, 5.3.2¹	macOS

¹Fortify Static Code Analyzer supports applications built in the following Xcode versions: 11, 11.1, 11.2.1, 11.3, 11.3.1, 11.4.1, 11.5, 11.6, 11.7, 12, 12.0.1, 12.1, 12.2, 12.3.

支持的開(kāi)發(fā)工具插件

The following table lists the supported integrated development environments (IDE) for the Micro Focus Fortify Secure Code Plugins.

Plugin / Extension	IDE and Version	Notes
Fortify Eclipse Plugins (Complete and Remediation)	Eclipse 2018-x, 2019-x, 2020-03 (4.15)
Fortify Analysis Plugin	Android Studio 3.3, 3.4, 3.5 IntelliJ IDEA 2019.x, 2020.x
Fortify Remediation Plugin	Android Studio 3.3, 3.4, 3.5 IntelliJ IDEA 2019.x, 2020.x PyCharm 2019.x, 2020.x WebStorm 2019.x, 2020.x
Fortify Visual Studio Extension	Visual Studio 2015 Community, Professional, and Enterprise Visual Studio 2017 Community, Professional, and Enterprise Visual Studio 2019 Community, Professional, and Enterprise Note: The Fortify Visual Studio Extension is not compatible with Visual Studio Express.
Security Assistant Plugin for Eclipse	Eclipse 2018-x, 2019-x, 2020-x
Security Assistant Extension for Visual Studio	(see the Visual Studio Marketplace for supported versions)	Security Assistant Extension for Visual Studio is available from the Visual Studio Marketplace.

Single Sign-On (SSO)

Fortify Audit Workbench
, the Eclipse Complete plugin, and the Fortify Visual Studio Extension support the following SSO methods to connect with Fortify Software Security Center：

- SPNEGO/Kerberos SSO

Supported on the Windows platform only.

- X.509 SSO

Note: Fortify Audit Workbench和安全代碼插件可以在Fortify軟件安全中心中使用基于令牌的身份驗證，從而無需爲這(zhè)些工具直接配置SSO。

支持的集成(chéng)工具

The following table lists the supported service integrations for Micro Focus Fortify Audit Workbench
and the Fortify Secure Code Plugins.

Service	Versions	Supported Tools
Bugzilla	5.0.x	Audit Workbench, Eclipse Plugin, Visual Studio Extension
Micro Focus Application Lifecycle Management (ALM)/ Quality Center Enterprise (QC)	12.50	Audit Workbench, Eclipse Plugin
Azure DevOps Server (formerly TFS)	2019	Audit Workbench, Eclipse Plugin, Visual Studio Extension
Azure DevOps (formerly VSTS) Note: Only basic user password authentication is supported.	n/a	Audit Workbench, Eclipse Plugin
Jira	7.11 and later 8.x	Audit Workbench, Eclipse Plugin
Jira Cloud	n/a	Audit Workbench, Eclipse Plugin
Fortify Software Security Center Bug Tracker	20.2.0	Audit Workbench, Eclipse Plugin, Visual Studio Extension