The Fortify SonarQube plugin imports Fortify scan results into SonarQube. It loads vulnerability data from Fortify Software Security Center (SSC) or Fortify on Demand (FoD) and presents each vulnerability as a SonarQube violation. The plugin also exposes metrics and other metadata from Fortify SSC or FoD, such as issue counts and artifact status. These metrics are shown on the custom Fortify dashboard in SonarQube and can be used to define quality gates.
SonarQube is an open-source platform for continuous inspection of code quality that performs automatic reviews using static code analysis. It detects bugs, code smells, and security vulnerabilities in 27 programming languages. SonarQube provides clear remediation guidance so that developers can understand and fix issues, and teams can deliver better, safer software.