SonarQubeCommunity / sonar-fortify

Fortify SCA Plugin for SonarQube
http://docs.sonarqube.org/display/SONAR/Documentation

update rules #1

Closed BuBuaBu closed 10 years ago

BuBuaBu commented 10 years ago

Hello, I've updated the download script for rules and executed it to get new rules and updated descriptions.

Please tell me if this kind of update is useful for you.

Vivien

simonbrandhof commented 10 years ago

Hi, thanks for the contribution. For my information, how did you get these rule descriptions? Do you know what the related Fortify version is?

BuBuaBu commented 10 years ago

I got the list from http://www.hpenterprisesecurity.com/vulncat/en/vulncat/all.html

For a Java project, SCA 3.90 did not find any issue not in this list.

Also, I'm working on another approach for a Fortify plugin that will generate and parse the Fortify report rather than requesting SSC. You can have a look at my sonar-fortifysca-plugin repository. I will post this to the sonar-dev mailing list in the coming days / weeks.

simonbrandhof commented 10 years ago

FYI, we had a problem with the rule ids of the XML report. At that time they were UUIDs specific to the Fortify SSC installation.