Description

FortifyBugTrackerUtility allows for automated submission of vulnerability information from both Fortify on Demand (FoD) and Fortify Software Security Center (SSC) to bug tracking systems like Atlassian JIRA, ALM Octane and Microsoft Azure DevOps (formerly TFS/VSTS), and other external systems like RSA Archer or CSV file.The utility is fully configurable through an XML configuration file, specifying details like:

  • Vulnerability selection criteria, for example submitting only vulnerabilities audited as 'Exploitable'
  • Vulnerability grouping criteria, for example submitting a single ticket for all XSS vulnerabilities in a single JSP file
  • Fields to be submitted to the bug tracker
  • State management, specifying how to close or re-open bug tracker issues based on SSC/FoD vulnerability state

Some advantages compared to the native bug tracker functionality included with FoD/SSC:

  • Fully automated workflow; the utility can be run on a scheduled basis or as part of build jobs
  • Fully configurable; many scenarios can be supported without requiring any code changes
  • Open source, allowing for easily adding support for other systems
  • May support external systems that are not (yet) supported by FoD/SSC
  • Supports submitting a single vulnerability to multiple external systems
  • For FoD: Allows for submitting issues to on-premise bug trackers without requiring a direct connection between FoD and the on-premise bug tracker

For detailed usage and configuration instructions, please refer to the documentation included with the distribution zip file.This utility was developed by Fortify Professional Services in collaboration with the customer community. The plugin is provided as-is and is not supported through the regular Fortify support channels. If you require assistance with deployment, bug fixes or enhancements, we encourage you to reach out to your Fortify Professional Services representative, or send an email to fortify-plugins-request@microfocus.com.

Suggested apps

Suggested for you are based on app category, product compatibility, popularity, rating and newness. Some apps may not show based on entitlements. Learn more about entitlements.

Releases

Release
Date
Fortify BugTracker Utility 3.9
Jan 8, 2020
More info Less info
Product compatibility
Version 18.10 · 18.20
Version 19.10 · 19.20
Version 20.10 · 20.20
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1
Release notes

SSC: Added configuration options for including hidden/suppressed/removed vulnerabilities

Languages
English
Fortify BugTracker Utility 3.7
Apr 5, 2019
More info Less info
Product compatibility
Version 0.0
Release notes

Changes in this version:

  • SSC: Fixed NotSerializableException if addNativeBugLink is set to true
  • SSC: Fixed potential double slash in SSC deep links
  • TFS: Fixed failing TFS requests due to empty 'fields' request parameter
  • TFS: Fixed configuration file not using the same description fields in fields/appendedFields
  • General: Updated dependencies & dependency versions to avoid using potentially vulnerable dependencies
Languages
English
Fortify BugTracker Utility 3.5
Aug 13, 2018
More info Less info
Product compatibility
Version 17.1 · 17.20
Version 18.10 · 18.20
Version 19.10 · 19.20
Version 20.10
Version 21.1 · 21.2
Version 22.1 · 22.2
Version 23.1
Release notes

Major update with lot's of internal refactoring, bug fixes and new and changed functionality. The sections below provide more details about the major changes from an end user perspective.Documentation & command usage:

  • A lot of documentation has been added and updated.
  • The '-help' function has been improved, providing a lot more detail about available command line options.
  • Command line options can now be specified in arbitrary order, and prefixed with either a single or double dash.
  • Most command line options can either be provided on the command line or in the configuration file.
  • The utility no longer prompts for required command line option values like URL's and credentials; you will need to explicitly provide these as command line options (on the command line or through the configuration file). If you have a need for having the utility prompt for option values, please file a feature request.

Configuration:

  • Configuration file format has changed significantly. If you were previously using a customized configuration file, you will need to re-do these customizations based on the new configuration files included in the distribution.
  • SSC application version/FoD application release processing has been improved and offers additional functionality.
  • The utility now allows for arbitrary data to be loaded from FoD/SSC by configuring additional REST API endpoints to be invoked, allowing users to use this data for filtering and target issue data.
  • Additional target issue data is now available for use in the configuration files, thereby increasing the possibilities for bidirectional sync.
  • Various other new or improved configuration settings.

Functionality & bug fixes:

  • The 'Add Existing Bugs' native SSC bug tracker plugin now also supports SSC 17.20+.
  • Previously the utility blindly updated target issue fields during every state management operation. This new version checks whether any target issue fields need to be updated, and only updates these fields if there have been any changes.
  • Improved error management and additional checks, for example to avoid processing vulnerabilities that have been previously submitted to a target system on a different host.
  • Bug fix for improved performance when loading vulnerability data from SSC.
Languages
English
Fortify BugTracker Utility 3.4
40.2 MB
  |  
Jun 6, 2018
More info Less info
Product compatibility
Version 18.10 · 18.20
Release notes

Internal refactoring to use generic Fortify Client API library

  • Bug fixes and various changes
  • Build process updated to use Maven release plugin
Languages
English
FortifyBugTrackerUtility 3.1
Aug 29, 2017
More info Less info
Product compatibility
Version 0.0
Version 17.1 · 17.20
Release notes
  • Added updated documentation to distribution zip
  • Fixed bug that prevented users from specifying user name and password for native SSC bug tracker integrations
  • Added SSC 'Add Existing Bugs' native bug tracker integration
Languages
English

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.

Marketplace Terms of Service

In order to continue, you must accept the updated Marketplace Terms of Service
Since you are downloading an app from the OpenText Marketplace, you need to accept the updated Marketplace Terms of Service before you can continue. Use the link to review the Marketplace Terms of Service. Once complete check the, "I accept the Marketplace Terms of Service" box below and click accept to continue your download.


Your download has begun...

Your download has begun

Related content and resources

Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox

release-rel-2024-3-2-6097 | Wed Mar 27 04:29:56 PDT 2024