SourceAndLibScanner provides a command-line interface that lets you run both the Fortify Static Code Analyzer scan and the Sonatype scan of your Java application with a single command. You can integrate that command into the build process of any application that you want to scan on a one-time or continuous basis. You can also upload the analysis results to Micro Focus Fortify Software Security Center.
With SourceAndLibScanner, you can:
- Scan your code with Fortify Static Code Analyzer and Sonatype, and then upload Fortify and Sonatype results to Fortify Software Security Center
- Scan your code with Fortify Static Code Analyzer and Sonatype, then upload the Fortify results to Fortify Software Security Center and the Sonatype results to an on-premises Lifecycle product (Nexus IQ Server)
- Perform Fortify Static Code Analyzer scans of your code OR perform Sonatype scans of your third-party components