fortify / FortifyVulnerabilityExporter

Export Fortify vulnerability data to GitHub, GitLab, SonarQube and more

Backstage Plugin #42

Open regicsolutions opened 2 years ago

regicsolutions commented 2 years ago

Was wondering if there are any plans to also include Backstage integration? It would be great to have a Backstage plugin similar to the one Snyk created: https://github.com/snyk-tech-services/backstage-plugin-snyk where scan results can be posted to Backstage, providing developers a single-pane-of-glass view into a component.

Backstage (https://backstage.io/docs/overview/what-is-backstage) is soon becoming the new Internal Developer Portal standard.

rsenden commented 1 year ago

FortifyVulnerabilityExporter can export vulnerability data to a variety of file formats that can then be ingested into a target system. I'm not familiar with Backstage; if they provide the ability to ingest vulnerability data from JSON or CSV files, then it should be possible to create a FortifyVulnerabilityExporter configuration that exports vulnerability data to a file format that is compatible with Backstage.

I couldn't find such file import functionality though while having a quick browse through the Backstage documentation; it looks like Backstage would require a Backstage-specific plugin to be developed to import data from Fortify SSC or Fortify on Demand. I'm not aware of any plans for such a plugin, but I'll check internally. If you're an existing Fortify customer, you may also want to check with Fortify Support or your FoD TAM whether there are any such plans.

Damounet commented 6 months ago

Any news on this topic?

We are using Backstage too and would like to have the Fortify On Demand reports on our Backstage app's pages.

rsenden commented 6 months ago

As mentioned above, I didn't find anything in the Backstage documentation about importing JSON or CSV files with vulnerability data, so FortifyVulnerabilityExporter is not suitable for this integration. Such an integration would likely require a Backstage plugin that connects to the FoD/SSC API to retrieve vulnerability data and display this in Backstage. Please submit a feature request through the regular Fortify support channels, or alternatively, engage with Fortify Professional Services to scope the work needed to develop such a plugin.