jenkinsci / fortify-plugin

Fortify Jenkins plugin
https://plugins.jenkins.io/fortify
Other
23 stars 31 forks source link

How can apply the 'Fortify Assessment' menu? #22

Closed ksg97031 closed 3 years ago

ksg97031 commented 4 years ago

Hi, I install and set up the last version of fortify plugin before, but I can't find the below page. Can you tell me more information about how to apply it?

image

akaryakina commented 4 years ago

Hi, first you need to configure SSC connection in plugin settings, then set up Fortify Assessement step for your job, and finally run the build with an fpr upload step in order to see this page. It only appears after successful build and upload. Please, follow our video tutorial https://www.youtube.com/watch?v=cjEwDmTsxII for more details.

ksg97031 commented 4 years ago

@akaryakina Thank you for responding!

I have configured SSC connection in plugin settings, but the only difference is that I'm not doing a local scan. I selected the option "local translate & remote scan". Is this selected option can't "Fortify Assessment" menu?

akaryakina commented 4 years ago

@ksg97031 It does not matter how you translate and scan, it only matters if you configured application and version for your SSC connection. The Fortify Assessment is available after it is being processed on SSC.

ashnazg commented 4 years ago

@akarjakina are you saying that the build can be written to submit a remote scan, and then download the results in order for the Fortify Assessment to be generated? Our understanding was that the plugin didn't have this capability natively, but we've not seen an example of remote scan results that could then be incorporated into the submitting build.