Closed BuBuaBu closed 10 years ago
Hi, Thanks for the contribution. For my information how did you get these rule descriptions ? Do you know what is the related Fortify version ?
I got the list from http://www.hpenterprisesecurity.com/vulncat/en/vulncat/all.html For a Java project, SCA 3.90 did not find any issue not in this list.
Also, I'm working on an other approach for a fortify plugin that will generate and parse the fortify report rather than requesting SSC. You can have a look to my sonar-fortifysca-plugin repository. I will post this to the sonar-dev mailing list in the coming days / weeks.
FYI we had a pb with the rule ids of the XML report. At that time they were UUID specific to the Fortify SSC installation.
Hello, I've updated the download script for rule and execute it to get new rules and updated description.
Please tell me if this king of update is useful for you.
Vivien