Documentation for the ssc-js-sandbox project

Checks HP Fortify for projects and project versions. If the project doesn't exist, then the task is capable of creating the project and an initial version. If the project version doesn't exist, then the task is capable of creating the version and also capable of copying issues/suppressions from previous versions.

Fortify API is a Python RESTFul API client module for Fortify's Software Security Center

NewsBotIRC - Java IRC Bot with RSS feed reader

Microfocus Fortify Parser for importing Sonatype IQ Server scan results

Proof of Concept: GitHub Action to convert Fortify FPR files to SARIF format

The Fortify API client makes requests to a Software Security Center (SSC) API of Fortify to perform different tasks like approval of FPRs or creation of projects. Generally used from a CI/CD pipeline.

Sample GitHub Action workflows based on the Fortify SSC JS Sandbox project

Example of a plugin that can parse non-Fortify security scan results and import them into Fortify Software Security Center.

Fortify Software Security JavaScript sandbox

Utility to synchronize FoD releases and scan results to SSC

Generic utility classes for implementing SSC parser plugins

Plugin API to develop plugin for Fortify Security Center

Java Utility packages for working with various Fortify products

SSC parser plugin for SARIF input files

Fortify SSC Parser Plugin for BURP Suite

Fortify SSC Parser Plugin for OWASP Dependency Check results

Fortify SSC Parser Plugin for Tenable.io Container Security results

Fortify SSC parser plugin for parsing JSON output generated by Clair REST API

Alternative sample parser implementation