-
### **Summary**
The program invokes `extract()`, which can overwrite global variables and might open the door for attackers. The program invokes a function that can overwrite global variables, which …
-
We use Fortify on Demand for static code analysis. I do the uploads manually in the IDE today. Ideally I could stream this in when we do a 'release' build. They have a new integration that could make …
-
The following report just landed in my inbox. It is a security analysis done as part of the HP Fortify project. It outlines a number of (potentially) serious flaws in Kohana 3.3.3.1. I scanned the rep…
-
Hi community,
There is significant interest from a developer point-of-view to get a tool like HP Fortify back into SonarQube. Is there a specific section (just the rule file?) that needs HP assista…
-
Greetings.
I encounter an issue when using FODUploader.jar.
FodUploader version : 5.4.0
Command line
`java -jar FodUpload.jar -z package.zip -aurl https://api.trial.fortify.com -purl https://tr…
-
Add reference DevSecOps templates for integrated SAST (and DAST where possible) assessments with the major cloud providers - AWS, Azure, GCP. Coverage should be similar to: https://github.com/fortify…
-
Fortify on Demand has flagged this [class](https://github.com/microfocus-idol/java-aci-api-ng/blob/master/src/main/java/com/autonomy/aci/client/transport/impl/DeflateContentEncoding.java) containing u…
-
I have recently updated from plugin version 4.0.0 to 4.0.1, and I am now getting a null pointer exception in my Jenkins declarative pipeline using the new version of the plugin.
Here is the excepti…
-
Jenkins version: 2.289.2 LTS
Plugin version: 6.1.0
### Reproduction steps
Create a pipeline with the following pipeline step:
```
stage('Fortify check') {
    steps {
        …
```
-
Hello,
Not an issue with this code, but I couldn’t see a way to contact you, sorry.
I am trying to port how you have done a scan start to PowerShell but not getting far. Would you be able to see wh…