Developers usually use the following two Fortify IDE plugins (Fortify Security Assistant and Fortify Remediation). They can alternatively use Fortify SSC and Fortify Audit Workbench:
-
Fortify Security Assistant plugin
- Local SAST Real-time Spell checker IDE plugin.
-
Eclipse
- Using the OpenTextâ„¢ Fortify Security Assistant Plugin for Eclipse (microfocus.com) - Fortify_SecurityAssistant_Eclipse_Plugin_<version>.zip (available in the Fortify Hosted Support Hub )
- Visual Studio
- JetBrains (IntelliJ IDEA, AndroidStudio, PyCharm, WebStorm)
-
Eclipse
- Local SAST Real-time Spell checker IDE plugin.
-
Fortify Remediation plugin
- It's an IDE plugin used to connect to Fortify SSC, download the Fortify ScanCentral SAST results (FPR file) and review/auditing the vulnerabilities.
-
Eclipse
- Installing the Fortify Remediation Plugin for Eclipse - from the update site https://tools.fortify.com/ssceclipseplugin .
-
Visual Studio
- Installing Fortify Extension for Visual Studio (microfocus.com) - the Fortify Applications and Tools (Fortify_Tools_XX.X.X) installation file (available in the Fortify Hosted Support Hub )
- Remediating Results from Fortify Software Security Center
-
JetBrains (IntelliJ IDEA, AndroidStudio, PyCharm, WebStorm)
- Installing the Fortify Remediation Plugin (microfocus.com)- Install the plugin either directly from the Marketplace in the IDE Settings dialog box or manually from a ZIP file downloaded from the JetBrains Plugin Marketplace: Fortify Remediation - IntelliJ IDEs Plugin | Marketplace (jetbrains.com)
- Fortify Remediation Plugin for IntelliJ IDEA and Android Studio
-
Eclipse
- It's an IDE plugin used to connect to Fortify SSC, download the Fortify ScanCentral SAST results (FPR file) and review/auditing the vulnerabilities.
-
Fortify SSC
- This is the central web management application that allows a customer to manage their enterprise application security program, including review and auditing the SAST scan results.
-
Fortify Audit Workbench
- It's a Fortify Desktop GUI used to connect to Fortify SSC, download the Fortify ScanCentral SAST results (FPR file) and review/auditing the vulnerabilities
- Fortify Audit Workbench is included in the Fortify SCA installation - Fortify_SCA_and_Apps_XX.X.X installation file (available here)