FortifyVulnerabilityExporter

Fortify Application Security provides your team with solutions to empower DevSecOps practices, enable cloud transformation, and secure your software supply chain. As the sole Code Security solution with over two decades of expertise and acknowledged as a market leader by all major analysts, Fortify delivers the most adaptable, precise, and scalable AppSec platform available, supporting the breadth of tech you use and integrated into your preferred toolchain. We firmly believe that your great code demands great security, and with Fortify, go beyond 'check the box' security to achieve that.

Deprecation Notice

With all of the FortifyVulnerabilityExporter functionality now having been integrated into fcli v3.x and above (see the fcli ssc action and fcli fod action commands), FortifyVulnerabilityExporter is considered deprecated and is no longer being actively maintained. Please start migrating any FortifyVulnerabilityExporter-based functionality like pipeline integrations to use fcli instead. If you encounter any fcli limitations that prevent you from migrating, please raise an issue on the fcli issue tracker.

For the foreseeable future, we do not plan on removing this repository or any of the releases, allowing customers to gradually migrate to fcli. However, we will no longer accept any enhancement or bug fix requests for FortifyVulnerabilityExporter.

Introduction

FortifyVulnerabilityExporter allows for exporting vulnerabilities from Fortify on Demand and Fortify Software Security Center to the following third-party products and output formats:

• GitHub Integration
• GitLab Integration
• BitBucket Integration
• DefectDojo Integration
• SonarQube Integration
• CSV Export
• JSON Export

Please review the information in the following sections before integrating FortifyVulnerabilityExporter into your SDLC:

• Raw or Audited Results
• Generic Usage
• CI/CD Integration

Resources

• Usage: USAGE.md
• Downloads: https://github.com/fortify/FortifyVulnerabilityExporter/releases
  • Development releases may be unstable or non-functional. The *-thirdparty.zip file is for informational purposes only and does not need to be downloaded.
• Docker images: https://hub.docker.com/repository/docker/fortifydocker/fortify-vulnerability-exporter
  • latest and stable tags point to the latest production release
  • vX.Y.Z and X.Y.Z tags point to the given patch release
  • vX.Y and X.Y tags point to the latest patch release of the given minor release
  • vX and X tags point to the latest minor and patch release of the given major release
  • dev_<branch> tags point to the latest development release for a given branch
  • latest_rc tag points to the latest development release on the main branch
• Source code: https://github.com/fortify/FortifyVulnerabilityExporter
• Automated builds: https://github.com/fortify/FortifyVulnerabilityExporter/actions
• Contributing Guidelines: CONTRIBUTING.md
• Code of Conduct: CODE_OF_CONDUCT.md
• License: LICENSE.txt

Support

For general assistance, please join the Fortify Community to get tips and tricks from other users and the OpenText team.

OpenText customers can contact our world-class support team for questions, enhancement requests and bug reports. You can also raise questions and issues through your OpenText Fortify representative like Customer Success Manager or Technical Account Manager if applicable.

You may also consider raising questions or issues through the GitHub Issues page (if available for this repository), providing public visibility and allowing anyone (including all contributors) to review and comment on your question or issue. Note that this requires a GitHub account, and given public visibility, you should refrain from posting any confidential data through this channel.

---

This document was auto-generated from README.template.md; do not edit by hand