Error while uploading the bugtracker-target-octane-3.7.jar

[egirdhar]

Hi , I have build the source code of release 3.7 to get Octane JAR file and then I tried to upload the JAR file in Fortify SSC 19.1 version, It does not letm e upload the JAR and throws following error message -

Reason: Error loading/validating plugin metadata from jar\nPlease contact the plugin developer to get the proper plugin package.

Please help to resolve this . Have attached here the Maven Output and screenshot of error on Fortify.

Maven_package_output.txt

[rsenden]

FortifyBugTrackerUtility is a stand-alone program for submitting Fortify vulnerabilities to bug trackers and other external systems. Even though this utility and SSC bug tracker plugins share similar objectives, they take a completely different approach to fulfill these objectives.

An SSC bug tracker plugin allows for manual, interactive submission of vulnerabilities to a bug tracker, whereas FortifyBugTrackerUtility takes a fully automated approach by automatically selecting and grouping vulnerabilities based on configurable criteria. For example, FortifyBugTrackerUtility can be run daily or as part of a build job to have it automatically submit any new vulnerabilities to the bug tracker.

The bug tracker modules provided by FortifyBugTrackerUtility are not compatible with SSC, so you cannot load these jar files as bug tracker plugins in SSC. At the moment there is no SSC bug tracker plugin for Octane that I know of, so you have the following options (in random order) to load SSC vulnerabilities into Octane:

• Develop an SSC bug tracker plugin for Octane; you can either do this yourself based on the SSC documentation, or you can purchase Fortify Professional Services to have us develop such a plugin for you.
• Utilize the Octane support provided by FortifyBugTrackerUtility; please see the documentation provided with the utility for more details on how to configure and use this utility. If you require any (detailed) assistance or additional features, please consider purchasing Fortify Professional Services in order to receive dedicated assistance.
• Octane also provides functionality for pulling scan results from Fortify SSC; see https://admhelp.microfocus.com/octane/en/latest/Online/Content/AdminGuide/how-setup-FoD-integration.htm. Note that I have no experience with this integration, so please contact Octane support if you require any assistance with this approach.