How the Fortify task works
Fortify works by analyzing the Java libraries for any known vulnerabilities. Required installed extension: Micro Focus Fortify. It is a white-box testing tool: it identifies the root cause of vulnerabilities and helps remediate the underlying security flaws. SAST solutions analyze an application from the "inside out" and do not need a running system to perform a scan.
Fortify Agent
To run the Fortify task, our project was provided with a special agent by the Security Team. The agent should be specified in the "pool" section of the pipeline and added to the project where you plan to use this task.
Pool configuration
pool:
  name: Fortify