appveyor / ci

AppVeyor community support repository
https://www.appveyor.com

enable integration with Microfocus Fortify static analysis on demand #2721

Open dguimbellot opened 5 years ago

dguimbellot commented 5 years ago

We use Fortify on Demand for static code analysis. I do the uploads manually in the IDE today. Ideally I could stream this in when we do a 'release' build. They have a new integration that could make our solution more secure.

From their docs...

FoDUploader

Fortify on Demand provides a build server integration (BSI) tool called FoDUploader to help you upload applications from a build server. FoDUploader runs from the command-line on all major operating systems and thus can easily be integrated into a build script.

The benefits of using FoDUploader include:

- sending files to Fortify on Demand without a size limitation
- transmitting files securely from a client workstation to Fortify on Demand using a BSI token
- transmitting through a proxy, if required
- API key and secret authentication

FoDUploader Versions

Two versions of the FoDUploader tool are available:

- Java application named FoDUpload.jar (Java 8 must be installed on your system)
- FoDUpload.jar wrapped in a Windows native executable named FoDUpload.win.exe

Note: The .NET version of the FoDUploader is no longer supported by Fortify on Demand and is marked as obsolete.

Recommended FoDUploader Usage

If you are uploading an application from a build server on a non-Windows operating system, Fortify recommends using FoDUpload.jar. If you are uploading an application from a build server on a Windows operating system, Fortify recommends using FoDUpload.win.exe.

Note: If you are building a .NET application entirely within the Visual Studio or Eclipse IDEs, you can alternatively use the IDE plugins to upload the application and start a static scan. This section covers the following topics:

IlyaFinkelshteyn commented 5 years ago

Can this tool be officially downloaded for free? Or is some licensing required? I had a quick look at https://software.microfocus.com/en-us/products/application-security-testing/overview and did not find an answer.

If an official free download is available, we can try to help you with a script to download and install it on demand. If this software requires purchasing and licensing, I would recommend you look at our hybrid solution called private build cloud (setup info). In this case you can add your custom image with this tool pre-installed to your builds.

dguimbellot commented 5 years ago

https://github.com/fod-dev/fod-uploader-java (MIT license)

IlyaFinkelshteyn commented 5 years ago

@dguimbellot so you can download any release on the fly, say at the install stage in the build pipeline, and use it. How to do that is described here.
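As an added example, not code from this thread, from AppVeyor or from Fortify: a script that an appveyor.yml step could call to fetch a pinned FoDUpload.jar release at install time, verify its digest, and upload the sources only on tagged (release) builds, with the BSI token and API credentials taken from AppVeyor secure variables. The release tag, the digest, the release asset path and the uploader flags (-z, -bsi, -ac) are assumptions to check against the release you pin.

```shell
#!/usr/bin/env bash
# Added example, not AppVeyor's or Fortify's code. Call it from appveyor.yml
# (e.g. after_build: - sh: bash fod_upload.sh run) on an image with java, curl and zip.
set -eu

# Assumptions (placeholders, not values from the thread): the pinned release tag,
# its digest recorded when the pin was chosen, and the release asset path.
FOD_UPLOADER_VERSION="${FOD_UPLOADER_VERSION:-vX.Y.Z}"
FOD_UPLOADER_SHA256="${FOD_UPLOADER_SHA256:-REPLACE_WITH_RECORDED_DIGEST}"
JAR_URL="https://github.com/fod-dev/fod-uploader-java/releases/download/${FOD_UPLOADER_VERSION}/FoDUpload.jar"

# Digest check on the downloaded jar: a tool that receives your whole source tree
# and credentials deserves the same pin-and-verify treatment as any dependency.
sha256_matches() {
  actual=$( { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# AppVeyor sets APPVEYOR_REPO_TAG=true when the build was started from a git tag,
# which is the "release build" the issue wants the upload gated on.
is_release_build() {
  [ "${APPVEYOR_REPO_TAG:-false}" = "true" ]
}

# Compose the uploader arguments from AppVeyor secure variables (never from the
# repository). Flags -z, -bsi and -ac are assumed from the fod-uploader-java
# README; confirm them against the release you pin.
fod_upload_args() {
  : "${FOD_BSI_TOKEN:?set as an AppVeyor secure variable}"
  : "${FOD_API_KEY:?set as an AppVeyor secure variable}"
  : "${FOD_API_SECRET:?set as an AppVeyor secure variable}"
  printf '%s\n' -z "$1" -bsi "$FOD_BSI_TOKEN" -ac "$FOD_API_KEY" "$FOD_API_SECRET"
}

main() {
  is_release_build || { echo "not a tagged build; skipping Fortify upload"; return 0; }
  jar="$HOME/FoDUpload.jar"
  curl -fsSL -o "$jar" "$JAR_URL"
  sha256_matches "$jar" "$FOD_UPLOADER_SHA256" || { echo "digest mismatch: $jar" >&2; return 1; }
  # Package the checked-out sources; AppVeyor clones into APPVEYOR_BUILD_FOLDER.
  zip -qr "$HOME/src.zip" "${APPVEYOR_BUILD_FOLDER:-.}" -x '*/.git/*'
  # Tokens and keys contain no whitespace, so plain word splitting is safe here.
  set -- $(fod_upload_args "$HOME/src.zip")
  java -jar "$jar" "$@"
}

# Only run the pipeline when invoked with "run", so the functions can be sourced or tested.
if [ "${1:-}" = "run" ]; then main; fi
```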