Description
How to collect the logs and config files for each of the CI/CD.
Solution
To clearly scope the issue, it's necessary to collect the following information for further analysis:
1). Language getting scanned
2). CI/CD used (Jenkins, Azure, GitHub, etc.)
3). The whole script used in CI/CD.
4). Entire Logs from CI/CD when the job fails.
The following articles describes how to collect the script and logs depending on the CI/CD being used:
1). ScanCentral
Enabling debug mode on ScanCentral and the SCA sensor for more detail information use:
How to collect Scancentral packaging and start scan logs in debug mode
How to add debug mode for SCA sensor logs when running Scancentral upload command
2). Azure DevOps Pipeline (ADO)
How to collect Fortify Hosted ScanCentral SAST Assessment Azure Dev Ops Agent job log and YAML file
3). Jenkins
How to collect Fortify Jenkins build log, ScanCentral logs and project settings