Complement your SAST, DAST and IAST findings in Fortify SSC with open source security data from Sonatype's Nexus Lifecycle solution, powered by Nexus Intelligence, to get a complete, 360-degree view of your application's security posture.
Sonatype's Nexus Lifecycle is a software supply chain governance platform that allows organizations to precisely identify and reduce the risk of the open source software they use without introducing false positives. This integration service and parser plugin can automatically publish results to Fortify Software Security Center (SSC), providing a consolidated view of vulnerable component findings alongside your SAST, DAST and IAST findings. This Nexus Lifecycle integration accomplishes this with:
This plugin is free for all Sonatype Nexus Lifecycle customers.
The plugin parser and integration were developed and tested against Fortify SSC versions 19.X, 20.2.X and 21.2.X.
- Fixed CVSS scores when only a Sonatype CVSS score exists
- Bug fix related to fetching most recent report from the IQ Server
- Overall performance improvements
- loadfile.cache, which can be set to false to prevent IQ reports from being cached
Performance Improvements: mapping files are now processed in parallel and the process is now up to 10x faster
Updating artifacts upload logic to upload when:
2.6.6 in response to CVE-2022-22965
Fixed an issue where all vulnerabilities were coming in as Vulnerable OSS with a CVE number attached. Added a 'recommended version' to the remediation guidance.