Fortify

Fortify¶

set SCA_VM_OPTS=-Xmx40G

Update Rules¶

PS C:\Program Files\Fortify\Fortify_SCA_and_Apps_19.1.0\bin> fortifyupdate -url https://update.fortify.com -proxyhost <if needed> -proxyport <if proxy needed> -proxyusername <if needed> -proxypassword <if needed>

Import Rules from other computer¶

Zip from C:\Program Files\Fortify\Fortify_SCA_and_Apps_19.1.0\Core\config\rules\*.*

PS C:\Program Files\Fortify\Fortify_SCA_and_Apps_19.1.0\bin> .\fortifyupdate.cmd -import 'C:\Users\user\Downloads\fortify_rules.zip'
Importing Security Content C:\Users\user\Downloads\fortify_rules.zip
Security Content Imported Successfully.

Scan JAR and class files¶

sourceanalyzer -b equipapi -source "1.8" -cp "scanning/**/*.jar" -scan -f MyProject.fpr -Dcom.fortify.sca.fileextensions.class=BYTECODE -Dcom.fortify.sca.DefaultFileTypes=class "scanning/**/*.class"

Scanning COBOL¶

'C:\Program Files\Fortify\Fortify_SCA_and_Apps_20.1.0\bin\sourceanalyzer.exe' -scan -f results2.fpr -verbose "-Dcom.fortify.sca.fileextensions.txt=COBOL" "P:\Code\FOLDER1\FOLDER2\COBOLCODE\*.txt"