Fority360 Install and scan

 

Fortify Guild

 

 

1  Install

1.1    Download

          You can download from https://www.fortify.com/ or other places.

 

           Note: this is commercial software, need license

 

1.2   Install

Run exe to install next and next by steps, then ok,you can see bellow, run Audit Workbench

2   Configuration

2.1  Get rules

There is no rulepacks after you install, need to get rules, do like this:

Menu:Options->Options->Server Configuration,set the Rulepack Update Configuration:Proxy Server.

 

 

 

 

Then click Rulepack Management, Click Update Rulepacks to get rules, and then ok.

3     Scan Project

3.1    Step 1

You can do a quickly scan by click Scan Java Project, I preferre to use the Advance scan, as you can choose what you need for youself.

3.2    Step 2

Click the Advance scan, choose the project source code at popup windows,then click ok.

3.3    Step 3

Add the jars which project depends to scan code. Then click Ok.

3.4    Step 4

Choose the jdk version adjust to project. Then click Next> button.

3.5   Step 5

Click Configure Rulepacks … button, select rules and click ok. Then click Next> button.

 

 

3.6   Step 6

Set these values for scan, then click Run scan button, and wait hours…

 

4 Get Rusult

 

After the scan finish, see like this:

 

Get the report by click Reports button

 

Note: Whatever  the issues at scan result need the developers to do a Verify whether they are really a issues.

 

 

 

 

5 Resources

 

 

          https://www.fortify.com/