Micro Focus Fortify Plugins for Eclipse

Software Version: 21.2.0


User Guide


Document Release Date: November 2021

Software Release Date: November 2021



Legal Notices

Micro Focus
The Lawn
22-30 Old Bath Road
Newbury, Berkshire RG14 1QN
UK

https://www.microfocus.com

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.


Copyright Notice

© Copyright 2009 - 2021 Micro Focus or one of its affiliates

Trademark Notices

All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.

Documentation Updates

The title page of this document contains the following identifying information:


This document was produced on November 10, 2021. To check for recent updates or to verify that you are using the most recent edition of a document, go to:

https://www.microfocus.com/support/documentation


Contents


Preface
Contacting Micro Focus Fortify Customer Support
For More Information
About the Documentation Set
Fortify Product Feature Videos

Change Log


Chapter 1: Introduction
Fortify Plugin for Eclipse
Fortify Remediation Plugin for Eclipse

Related Documents
All Products
Micro Focus Fortify ScanCentral SAST
Micro Focus Fortify Software Security Center
Micro Focus Fortify Static Code Analyzer


Chapter 2: Using the Eclipse Complete Plugin

About Installing the Eclipse Complete Plugin
Installing the Eclipse Complete Plugin from Eclipse
Installing the Eclipse Complete Plugin from an Update Site
Posting the Eclipse Complete Plugin to an Internal Update Site
Installing the Eclipse Complete Plugin from an Update Site

About Re-installing After Upgrading Fortify SCA and Applications from Fortify Audit Workbench
Managing the License
Uninstalling the Eclipse Complete Plugin

Fortify Software Security Content
Configuring Security Content Updates
Updating Security Content
Manually Updating Security Content
Importing Custom Security Content



About Analyzing the Source Code

About Scanning Locally
About Quick Scan Mode
Configuring Local Analysis Options
Configuring Advanced Local Analysis Options
Configuring Analysis Options for Specific Projects
Viewing the Resources and Classpath to be Scanned
Scanning Projects Locally
Scanning Individual Files and Packages
Rescanning Projects
Disabling Merging Scan Results for all Projects
Disabling Merging Scan Results for a Specific Project

About Scanning with Fortify ScanCentral SAST
Configuring Fortify ScanCentral SAST Options
Scanning Projects with ScanCentral SAST

Running an Advanced Analysis

About Viewing Analysis Results
Static Analysis Results View
Filter Sets
Specifying the Default Filter Set
Folders (Tabs)
Group By List
Specifying the Default Issue Grouping
Sorting Issues
Search Box
Project Summary View
Summary Tab
Certification Tab
Build Information Tab
Analysis Information Tab
Viewing Summary Graph Information
Analysis Trace View
Issue Auditing View
Audit Tab
Details Tab
WebInspect Agent Details Tab
Recommendations Tab
History Tab
Diagram Tab
Filters Tab
Warnings Tab
Viewing Issues in the Source Code

Working with Issues
Filtering Issues with Audit Guide
Grouping Issues
Creating a Custom Group By Option
Evaluating Issues
Performing Quick Audits
Performing Quick Audits for Custom Tags
Adding Screen Captures to Issues
Viewing Images
Creating Issues for Undetected Vulnerabilities
Suppressing Issues
Creating Attribute Summary Tables for Multiple Issues
Customizing the Static Analysis Results View
Submitting an Issue as a Bug
Integrating with a Bug Tracker Application
Configuring Proxy Settings for Bug Tracker Integration

Searching for Issues
Search Modifiers
Search Query Examples
Performing Simple Searches
Performing Advanced Searches

Generating Reports
Generating Legacy Reports
Legacy Report Templates
Selecting Legacy Report Sections
Opening Legacy Report Templates
Editing Legacy Report Subsections
Editing Text Subsections
Editing Results List Subsections
Editing Chart Subsections
Saving Legacy Report Templates
Saving Changes to Legacy Report Templates
Report Template XML Files
Adding Legacy Report Sections
Adding Report Subsections
Adding Text Subsections
Adding Results List Subsections
Adding Charts Subsections

Configuring a Connection to Fortify Software Security Center
Logging in to Fortify Software Security Center
Synchronizing with Fortify Software Security Center
Scheduling Synchronization
Refreshing Permissions from Fortify Software Security Center

Working with Audit Projects
Opening an Audit Project
Opening an Existing Audit
Opening Audit Projects Without the Default Filter Set
Exporting an Audit Project
Merging Audit Data
Performing a Collaborative Audit
Uploading Audit Results to Fortify Software Security Center

About Issue Templates
Configuring Custom Filter Sets and Filters
Creating a New Filter Set
Creating a Filter from the Static Analysis Results View
Creating a Filter from the Issue Auditing View
Copying a Filter from One Filter Set to Another
Committing Filter Sets and Folders
Synchronizing Filter Sets and Folders
Setting the Default Filter Set
Managing Folders
Creating a Folder
Adding a Folder to a Filter Set
Renaming a Folder
Removing a Folder
Configuring Custom Tags for Auditing
Adding a Custom Tag
Hiding a Custom Tag
Committing Custom Tags to Fortify Software Security Center
Synchronizing Custom Tags with Fortify Software Security Center
Issue Template Sharing
Exporting an Issue Template
Importing an Issue Template

Troubleshooting
Resolving the Java OutOfMemory Message
Resolving Scan Failures Due to Insufficient Memory
Saving a Project That Exceeds the Maximum Removed Issues Limit
Using the Debug Option
Locating Log Files


Chapter 3: Using the Eclipse Remediation Plugin

Installing the Eclipse Remediation Plugin
Installing the Eclipse Remediation Plugin Locally
Installing the Eclipse Remediation Plugin from an Update Site
Posting the Eclipse Remediation Plugin to an Internal Update Site
Installing from an Update Site

Uninstalling the Eclipse Remediation Plugin from Eclipse
Opening a Fortify Software Security Center Application Version

Viewing Analysis Results from Fortify Software Security Center
Issues List
Grouping and Viewing Issues
Customizing the Issues List
Audit Tab
Assigning Users to Issues
Assigning Tags to Issues
Adding Comments to Issues
Recommendations Tab
Details Tab
History Tab

Locating the Source Code Associated with Issues

Generating and Downloading Reports
Generating Reports
Downloading Reports from Fortify Software Security Center


Send Documentation Feedback

Preface


Contacting Micro Focus Fortify Customer Support

Visit the Support website to: