Fortify for Eclipse

Supported Products

Eclipse Complete Plugin

The Fortify Plugin for Eclipse, included with the Fortify SCA installer, consists of three separate plugin components:

  • Audit – Enables you to open existing scan results and audit them. These results include detailed descriptions of the security vulnerabilities detected and recommended remediation strategies. The audit plugin component supports security code inspection by letting you navigate to the source code location associated with each vulnerability, and then prioritize and audit the results.
  • Analysis – Enables you to initiate a Micro Focus Fortify Static Code Analyzer scan and analysis with Fortify security content, view the results, and fix the code associated with uncovered issues, all within the Eclipse IDE.
  • Collaboration – Includes server‑related functionality such as connecting to Micro Focus Fortify Software Security Center, uploading results to Fortify Software Security Center, and performing collaborative audits. (If you do not want this functionality, then there is no need to install the collaboration plugin.)

Note: For information about supported versions of Eclipse, see the Micro Focus Fortify Software System Requirements document.

Fortify Remediation Plugin for Eclipse

The Fortify Remediation Plugin for Eclipse included with the Fortify SCA installer (Eclipse Remediation Plugin) works in conjunction with Micro Focus Fortify Software Security Center to add remediation functionality to your software security analysis from the Eclipse IDE. The Eclipse Remediation Plugin is a lightweight plugin option for developers who do not need the scanning and auditing capabilities of Audit Workbench and the Eclipse Complete Plugin.

The Eclipse Remediation Plugin enables developers to quickly and easily understand the reported vulnerabilities and implement appropriate solutions.

Developers can address security issues while they write code in Eclipse. Your organization can use the Eclipse Remediation Plugin with Fortify Software Security Center to manage projects and assign specific issues to the relevant developers.

Eclipse Fortify on Demand IDE Plugin

Describes the Fortify on Demand Plugin for Eclipse, including how to download the Eclipse plugin for Fortify on Demand, upload a project using that plugin, and download results from Fortify on Demand once a scan has completed.

Resources
Eclipse Fortify on Demand IDE Plugin

Fortify Security Assistant for Eclipse: Real-time Analysis in the IDE

The Fortify Security Assistant for Eclipse integrates with the Eclipse Java development environment. It works with a portion of the Fortify security content to alert you to potential security issues as you write your Java code, and it provides detailed information about security risks and recommendations for how to secure the potential issue. Fortify Security Assistant for Eclipse can detect:

  • Potentially dangerous uses of functions and APIs
  • Issues caused by tainted data reaching vulnerable functions and APIs at the intra-class level

Fortify Security Assistant for Eclipse requires:

  • A valid Fortify license to scan for issues
  • Up-to-date Fortify Software Security Content

Resources
Fortify Security Assistant for Eclipse

About Eclipse

The Eclipse IDE is best known as a Java Integrated Development Environment (IDE), but there are a number of other Eclipse IDEs, including C/C++ IDE, JavaScript/TypeScript IDE, PHP IDE, and more. You can combine support for multiple languages and other features into any of the default packages, and the Eclipse Marketplace allows for virtually unlimited customization and extension.