Skip to content

sda-community-plugins/Fortify-WIE

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
release
release
 
 
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

Fortify WebInspect Enterprise plugin

The Fortify WebInspect Enterprise plugin allows you to execute dynamic application security testing as part of a Deployment Automation workflow.

This plugin is a work in progress but it is intended to provide the following steps:

  • Create Scan from URL - Create a new simple scan from a URL
  • Create Scan from Template - Create a new simple scan from a template
  • Create Scan from Settings File - Create a new simple scan from an uploaded settings file
  • Get Scan Status - Gets the status of a previously initiated scan
  • Create Scan Report - Create a HTML report of a previously initiated scan
  • Export Scan to File - Export a scan to file as FPR, Scan or XML format

Note: this plugin is designed to be used when WebInspect Enterprise has been integrated with Software Security Center.

Installing the plugin

Download the latest version from the release directory and install into Deployment Automation from the Administration\Automation\Plugins page.

Using the plugin

The plugin provides three ways/steps to execute a scan. For each you can provide the name of the Application, Application Version and Security Policy to use. The plugin will attempt to validate each of these. For the Create Scan from URL step you simply need to provide the URL of the running application to scan. For the Create Scan from Template step you need to have created a Scan Template in the WebInspect Enterprise Web Console and know its Id (this will be present in the browsers URL field when you navigate to it). For the Create Scan from Settings File step you need to have downloaded an XML Scan Settings file and (preferably) stored it as a file in a Component Version in Deployment Automation.

It is recommended that a specific Software Security Center (e.g. da_service) user is created for executing the integration. This user will need to be assigned to a Role in the WebInspect Enterprise Console that allows Scans to be executed via the REST API.

You will also need to create three Deployment Automation System Properties called wie.serverUrl that refers to your WebInspect Enterprise URL (e.g. "https://server-name/WIE") and also wie.username and wie.password that refers to the credentials of the user that is going to run the scan..

Building the plugin

To build the plugin you will need to clone the following repositories (at the same level as this repository):

and then compile using the following command

  mvn clean package

This will create a .zip file in the target directory when you can then install into Deployment Automation from the Administration\Automation\Plugins page.

If you have any feedback or suggestions on this template then please contact me using the details below.

Kevin A. Lee

kevin.lee@microfocus.com

Please note: this plugins is provided as a "community" plugin and is not supported by Micro Focus in any way.

About

Fortify WebInspect Enterprise plugin for Micro Focus Deployment Automation

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages