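DevOps and Application Security
Application security must be seamless across the entire software development life cycle (SDLC). By design, Fortify application security becomes a built-in attribute of the DevOps process. DevOps speed at enterprise scale does not mean sacrificing security or putting the business at risk.
Fortify integrates into the tools you already use so that you can test your applications early and often, finding and fixing security issues as part of the development and test cycle. Our integration ecosystem:
- Is easy for developers to use
- Makes full use of your investment in existing tools
- Embeds security into your current processes to reduce friction
Our APIs use Swagger to provide documentation and API self-reference. Our Fortify GitHub page hosts multiple projects, along with examples of how to use the various APIs to perform frequently requested tasks. The API reference is built into the products and can be reached through each product's web interface.
Fortify SAST provides accurate support for more than 27 major languages and their frameworks, with agile updates backed by the industry-leading Software Security Research (SSR) team.
Give your applications broad vulnerability coverage, including more than 1000 SAST vulnerability categories, to ensure compliance with standards such as OWASP Top 10, CWE/SANS Top 25, DISA STIG, and PCI DSS.
Developer-friendly language coverage. Supported: ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic ASP (with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android), JavaScript/AJAX, JSP, Kotlin, MXML (Flex), Objective C/C++, PHP, PL/SQL, Python, Ruby, Swift, T-SQL, VB.NET, VBScript, Visual Basic, and XML.
For the complete list of currently supported languages, versions, and frameworks, see our detailed list.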
Fortify Static Code Analyzer
Supported programming languages

| Language / Frameworks | Versions |
|---|---|
| .NET Framework | 2.0–4.8 |
| .NET Core | 2.0–3.1 |
| ABAP/BSP | 6. Note: Fortify ABAP Extractor is supported on a system running SAP release 7.02, SP level 0006. |
| ActionScript | 3.0 |
| Apex | 36 |
| ASP.NET | 2.0–4.8 |
| C# | 5, 6, 7, 8 |
| C/C++ | See Compilers. |
| Classic ASP (with VBScript) | 2.0, 3.0 |
| COBOL | IBM Enterprise COBOL for z/OS 6.1 (and earlier) with CICS, IMS, DB2, and IBM MQ |
| ColdFusion | 8, 9, 10 |
| Go | 1.12, 1.13. Note: Scanning Go code is supported on Windows and Linux. |
| HTML | 5 and earlier |
| Java (including Android) | 5, 6, 7, 8, 9, 10, 11, 12, 13, 14 |
| JavaScript | ECMAScript 2015–2020 |
| JSP | 1.2, 2.1 |
| Kotlin | 1.3.50 |
| MXML (Flex) | 4 |
| Objective-C/C++ | See Compilers. |
| PHP | 5.3, 5.4, 5.5, 5.6, 7.0, 7.1 |
| PL/SQL | 8.1.6 |
| Python | 2.6, 2.7, 3.x (3.8 and earlier) |
| Ruby | 1.9.3 |
| Scala | 2.11, 2.12, 2.13. Note: Scanning Scala code requires a standard Lightbend Enterprise Suite license. |
| Swift | 5. Note: See Compilers for supported swiftc versions. |
| T-SQL | SQL Server 2005, 2008, 2012 |
| TypeScript | 2.8, 3.x, 4.0 |
| VBScript | 2.0, 5.0 |
| Visual Basic (VB.NET) | 11, 14, 15.x, 16.0 |
| Visual Basic | 6.0 |
| XML | 1.0 |

Supported build tools

| Build Tool | Versions | Notes |
|---|---|---|
| Ant | 1.10.x and earlier | |
| Bamboo | (see the Atlassian Marketplace for supported versions) | The Fortify App for Bamboo is available from the Atlassian Marketplace. |
| Gradle | 6.6.x and earlier | The Fortify Static Code Analyzer Gradle build integration |
| Jenkins | (see the Jenkins Plugin Index for supported versions) | The Fortify Jenkins plugin is available from the Jenkins Plugins Index at https://plugins.jenkins.io/fortify. |
| Maven | 3.0.5, 3.5.x, 3.6.x | |
| MSBuild | 4.x, 12.0, 14.0, 15.x, 16.4, 16.6 | |
| Xcodebuild | 11, 11.1, 11.2.1, 11.3, 11.3.1, 11.4.1, 11.5, 11.6, 11.7, 12, 12.0.1, 12.1, 12.2, 12.3 | |

Supported compilers

| Compiler | Versions | Platform |
|---|---|---|
| gcc | GNU gcc 4.9, 5.x | Windows, Linux, macOS |
| g++ | GNU g++ 4.9, 5.x | Windows, Linux, macOS |
| OpenJDK javac | 9, 10, 11, 12, 13, 14 | Windows, Linux, macOS |
| Oracle javac | 7, 8, 9 | Windows, Linux, macOS |
| cl | 2015, 2017, 2019 | Windows |
| Intel C++ Compiler | icc 8.0 | Linux |
| Clang | 11.0.0, 11.0.3, 12.0.0¹ | macOS |
| Swiftc | 5.1, 5.1.2, 5.1.3, 5.2.2, 5.2.4, 5.3, 5.3.1, 5.3.2¹ | macOS |

¹ Fortify Static Code Analyzer supports applications built in the following Xcode versions: 11, 11.1, 11.2.1, 11.3, 11.3.1, 11.4.1, 11.5, 11.6, 11.7, 12, 12.0.1, 12.1, 12.2, 12.3.
Supported development tool plugins
The following table lists the supported integrated development environments (IDE) for the Micro Focus Fortify Secure Code Plugins.

| Plugin / Extension | IDE and Version | Notes |
|---|---|---|
| Fortify Eclipse Plugins | Eclipse 2018-x, 2019-x, 2020-03 (4.15) | |
| Fortify Analysis Plugin | Android Studio 3.3, 3.4, 3.5; IntelliJ IDEA 2019.x, 2020.x | |
| Fortify Remediation Plugin | Android Studio 3.3, 3.4, 3.5; IntelliJ IDEA 2019.x, 2020.x; PyCharm 2019.x, 2020.x; WebStorm 2019.x, 2020.x | |
| Fortify Visual Studio Extension | Visual Studio 2015 Community, Professional, and Enterprise; Visual Studio 2017 Community, Professional, and Enterprise; Visual Studio 2019 Community, Professional, and Enterprise. Note: The Fortify Visual Studio Extension is not compatible with Visual Studio Express. | |
| Security Assistant Plugin for Eclipse | Eclipse 2018-x, 2019-x, 2020-x | |
| Security Assistant Extension for Visual Studio | (see the Visual Studio Marketplace for supported versions) | Security Assistant Extension for Visual Studio is available from the Visual Studio Marketplace. |

Single Sign-On (SSO)
Fortify Audit Workbench, the Eclipse Complete plugin, and the Fortify Visual Studio Extension support the following SSO methods to connect with Fortify Software Security Center:
- SPNEGO/Kerberos SSO
  Supported on the Windows platform only.
- X.509 SSO
Note: Fortify Audit Workbench and the Secure Code Plugins can use token-based authentication with Fortify Software Security Center, so SSO does not need to be configured directly for these tools.
Supported integration tools
The following table lists the supported service integrations for Micro Focus Fortify Audit Workbench and the Fortify Secure Code Plugins.

| Service | Versions | Supported Tools |
|---|---|---|
| Bugzilla | 5.0.x | Audit Workbench, Eclipse Plugin, Visual Studio Extension |
| Micro Focus Application Lifecycle Management (ALM)/ | 12.50 | Audit Workbench, Eclipse Plugin |
| Azure DevOps Server (formerly TFS) | 2019 | Audit Workbench, Eclipse Plugin, Visual Studio Extension |
| Azure DevOps (formerly VSTS) Note: Only basic user password authentication | n/a | Audit Workbench, Eclipse Plugin |
| Jira | 7.11 and later | Audit Workbench, Eclipse Plugin |
| Jira Cloud | n/a | Audit Workbench, Eclipse Plugin |
| Fortify Software Security Center | 20.2.0 | Audit Workbench, Eclipse Plugin, Visual Studio Extension |

Note: This page lists what Fortify SCA version 20.2 supports.