Open dguimbellot opened 5 years ago
Can this tool be officially downloaded for free? Or is some licensing required? I took a quick look at https://software.microfocus.com/en-us/products/application-security-testing/overview and did not find an answer.
If an official free download is available, we can try to help you with a script to download and install it on demand. If this software requires purchasing and licensing, I would recommend looking at our hybrid solution called private build cloud (setup info). In this case you can add your custom image with this tool pre-installed to your builds.
https://github.com/fod-dev/fod-uploader-java MIT license
@dguimbellot so you can download any release on the fly at, say, the install stage in the build pipeline and use it. How to do that is described here.
We use Fortify on Demand for static code analysis. I do the uploads manually in the IDE today. Ideally I could stream this in when we do a 'release' build. They have a new integration that could make our solution more secure.
From their docs...
FoDUploader
Fortify on Demand provides a build server integration (BSI) tool called FoDUploader to help you upload applications from a build server. FoDUploader runs from the command-line on all major operating systems and thus can easily be integrated into a build script.
The benefits of using FoDUploader include:
sending files to Fortify on Demand without a size limitation
transmitting files securely from a client workstation to Fortify on Demand using a BSI token
transmitting through a proxy, if required
API Key and secret authentication
FoDUploader Versions
Two versions of the FoDUploader tool are available:
Java application named FoDUpload.jar (Java 8 must be installed on your system)
FoDUpload.jar wrapped in a Windows native executable named FoDUpload.win.exe
Note: The .NET version of the FoDUploader is no longer supported by Fortify on Demand and is marked as obsolete.
Recommended FoDUploader Usage
If you are uploading an application from a build server on a non-Windows operating system, Fortify recommends using FoDUpload.jar. If you are uploading an application from a build server on a Windows operating system, Fortify recommends using FoDUpload.win.exe.
Note: If you are building a .NET application entirely within the Visual Studio or Eclipse IDEs, you can alternatively use the IDE plugins to upload the application and start a static scan.
This section covers the following topics: