Description
Fortify Hosted Jenkins Environment: checks to get to know and understand the environment.
Resolution
1). Which of the following Jenkins Pipeline Jobs are you using?
Fortify Jenkins Plugin | Configuring Fortify Analysis with Pipeline Jobs
• Pipeline Steps to Translate and Scan Remotely
• Pipeline Steps to Translate Locally and Scan Remotely
• Pipeline Steps to Translate and Scan Locally
Important note: If a Jenkins script was created manually using sourceanalyzer and the SAST commands without the Jenkins plugin, or Jenkins is only being used to run custom scripts, those are custom scripts that are out of Support scope. Custom Jenkins scripts are not supported.
2). Please provide the following information:
A). Is this the first time you have tried this project type?
B). Do you see the same behavior with other projects, for example, a .sln file?
C). Can you add a "show files" stage to the Jenkins Pipeline script, so we can confirm that the translation picked up the ".proj" correctly?
D). Please provide the Jenkins Pipeline and the SSC logs.
Reference:
How to collect Fortify Jenkins build log, ScanCentral logs and project settings
https://support.cyberreshelp.com/hc/en-us/articles/23830590842647-How-to-collect-Fortify-Jenkins-build-log-ScanCentral-logs-and-project-settings
3). Please identify and send the entire Pipeline script you have in this project.
As a reference, this is an example of translating and scanning a Java project locally only.
    node {
        // Clear any previous translation data for this build ID
        stage("FTF Clean"){
            fortifyClean addJVMOptions: '', buildID: 'test', logFile: 'C:\\Program Files\\Fortify\\Fortify_SCA_23.2.0\\Jenkins\\Logs\\Clean'
        }
        // Translate the Java source with debug and verbose logging enabled
        stage ("FTF Translate"){
            fortifyTranslate addJVMOptions: '', buildID: 'test', projectScanType: fortifyJava(javaAddOptions: '-debug-verbose -logfile "C:\\Program Files\\Fortify\\Fortify_SCA_23.2.0\\Jenkins\\Logs\\Translate"', javaSrcFiles: '"C:\\Program Files\\Fortify\\Fortify_SCA_23.2.0\\Samples\\eightball\\EightBall.java"', javaVersion: '11')
        }
        // List the files that were translated for this build ID
        stage ("FTF Show Files"){
            fortifyTranslate addJVMOptions: '', buildID: 'test', projectScanType: fortifyJava(javaAddOptions: '-show-files')
        }
        // Scan locally and write the results file
        stage ("FTF Scan"){
            fortifyScan addJVMOptions: '', buildID: 'test', debug: true, logFile: 'C:\\Program Files\\Fortify\\Fortify_SCA_23.2.0\\Jenkins\\Logs\\Scan', resultsFile: 'C:\\Program Files\\Fortify\\Fortify_SCA_23.2.0\\Jenkins\\Fprs\\Eightball', verbose: true
        }
        // Upload the results file to the SSC application version
        stage ("FTF Upload to SSC"){
            fortifyUpload appName: 'SCA', appVersion: 'Jenkins', filterSet: 'a243b195-0a59-3f8b-1403-d55b7a7d78e6', resultsFile: 'C:\\Program Files\\Fortify\\Fortify_SCA_23.2.0\\Jenkins\\Fprs\\Eightball'
        }
    }
- There you can see the "show files" stage example.