NCDIT's Software Quality, Security & Testing Services team provides static analysis services, also known as static application security testing (SAST), through Fortify Static Code Analyzer. Fortify assesses customers' application code for potential security vulnerabilities and pinpoints the root cause of each finding down to the line of code. It identifies critical vulnerabilities during the development phases, when they are easiest and least expensive to fix.
The team compiles applications (for example, .NET and Java) in preparation for scanning with Fortify Static Code Analyzer, and provides the following services:
- Write scripts to run the static analysis phase of an SCA scan
- Use SCA to execute a scan via Cloud Scan
- Scan source code
- Review vulnerabilities in Fortify SCA Audit Workbench
- Integrate with Microsoft VSTS
- Integrate with the Jenkins build solution
- Upload scan files
- Merge scans
- Automate and integrate Cloud Scan with SCA
- Track bug metrics and trends
- Generate reports
Features & Benefits
Features
- Obtain the source code to scan
- Feed the source code to the static scanner (Fortify Static Code Analyzer, or SCA)
- Generate and analyze results, compare vulnerabilities across multiple scans, and produce reports
- Add templates, applications and security rules
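The scripted scan that the service list and the feature list above describe (clean, translate, scan, merge with the previous scan, generate a report) looks like the following. This is an added example, not NCDIT's or Fortify's own script: the tool names and flags are the standard Fortify command-line tools (sourceanalyzer, FPRUtility, ReportGenerator), while the build id, directory layout and file names are assumptions for illustration. With DRY_RUN=1 it prints each command instead of running it, so the pipeline can be reviewed on a machine without Fortify installed.

```shell
#!/bin/sh
# Added example (not NCDIT's or Fortify's own script): a scripted Fortify SCA
# pipeline for a Java project. Tool names and flags are the documented Fortify
# command-line tools; build id, paths and file names are assumptions.
set -eu

DRY_RUN="${DRY_RUN:-0}"   # DRY_RUN=1 prints each command instead of running it

# run: execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Phase 0: discard intermediate files from an earlier translation with the
# same build id, so stale code does not end up in the scan.
#   $1 = build id
clean_step() {
    run sourceanalyzer -b "$1" -clean
}

# Phase 1 (translation, the "static analysis" build phase): SCA parses the
# source into its intermediate model. For Java it needs the classpath the
# compiler would use; the jars are assumed to live under lib/.
#   $1 = build id, $2 = source root, $3 = classpath
translate_step() {
    run sourceanalyzer -b "$1" -cp "$3" "$2/**/*.java"
}

# Phase 2 (analysis): run the rulepacks over the translated model and write
# an FPR results file.
#   $1 = build id, $2 = output FPR
scan_step() {
    run sourceanalyzer -b "$1" -scan -f "$2"
}

# Merge the new FPR into the previous one so audit decisions (suppressions,
# comments, "not an issue" markings) carry forward and trends can be tracked.
#   $1 = previous FPR (primary), $2 = new FPR, $3 = merged output
merge_step() {
    run FPRUtility -merge -project "$1" -source "$2" -f "$3"
}

# Produce a PDF report from an FPR for developers and management.
#   $1 = FPR, $2 = output PDF
report_step() {
    run ReportGenerator -format pdf -f "$2" -source "$1"
}

# Full pipeline; every setting is an assumed default overridable from the
# environment.
pipeline() {
    build_id="${BUILD_ID:-myapp}"
    src_dir="${SRC_DIR:-src/main/java}"
    classpath="${CLASSPATH_JARS:-lib/*.jar}"
    out_dir="${OUT_DIR:-fortify-out}"
    prev_fpr="${PREV_FPR:-}"             # optional previous scan to merge with
    new_fpr="$out_dir/$build_id-$(date +%Y%m%d).fpr"

    run mkdir -p "$out_dir"
    clean_step "$build_id"
    translate_step "$build_id" "$src_dir" "$classpath"
    scan_step "$build_id" "$new_fpr"
    final_fpr="$new_fpr"
    if [ -n "$prev_fpr" ] && [ -f "$prev_fpr" ]; then
        final_fpr="$out_dir/$build_id-merged.fpr"
        merge_step "$prev_fpr" "$new_fpr" "$final_fpr"
    fi
    report_step "$final_fpr" "$out_dir/$build_id-report.pdf"
}

# Only run the pipeline when explicitly asked (./fortify_scan.sh run), so the
# step functions can also be sourced into a Jenkins or VSTS build step.
if [ "${1:-}" = "run" ]; then
    pipeline
fi
```

Keeping the translation and scan phases under one build id is what lets the scan see every translated file; the -clean step at the start prevents results from a previous build of the same id leaking into the new FPR. Merging into the previous FPR rather than replacing it is what preserves earlier audit work, which is why a CI job should keep the last merged FPR as an artifact and pass it back in as PREV_FPR.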
Benefits
- Fortify works with current development tools and processes to enable automation and speed.
- CI/CD integration makes security scans part of the build and release process, enabling full automation and workflow support.
- Defect management integrations provide transparent remediation of security issues.
- Build secured applications quickly and reduce software risk.
- Take advantage of secure DevOps, developer-driven security, secure software at scale and enterprise dynamic application security testing.
Technical Information
Fortify is a suite of tightly integrated solutions for identifying, prioritizing and fixing security vulnerabilities in software. Fortify offers an end-to-end application security solution with the flexibility of testing on premises and on demand, to scale and cover the entire software development lifecycle. The tool automates key processes of developing and deploying secure applications. It helps resolve software vulnerabilities by integrating vulnerability analysis across the entire software lifecycle—from development to quality assurance testing and even deployed applications.