Fortify for SonarQube

Supported Products

Fortify Software Security Center

The Fortify SonarQube plugin imports Fortify scan results into SonarQube. It loads vulnerability data from Fortify Software Security Center (SSC) or Fortify on Demand (FoD) and displays each vulnerability as a SonarQube violation. The plugin also provides various metrics and other metadata from Fortify SSC or FoD, such as issue counts and artifact status. The metrics are shown on the custom Fortify dashboard in SonarQube and can be used to define quality gates.

About SonarQube

SonarQube is an open-source platform developed for continuous inspection of code quality to perform automatic reviews with static code analysis. It detects bugs, code smells, and security vulnerabilities in 27 programming languages. SonarQube provides clear remediation guidance for developers to understand and fix issues and for teams overall to deliver better, safer software.

release-rel-2020-10-2-5387 | Wed Oct 28 21:33:24 PDT 2020