Micro Focus

Fortify Plugins for JetBrains IDEs and Android Studio

Software Version: 21.2.0


User Guide


Document Release Date: November 2021 Software Release Date: November 2021



Legal Notices

Micro Focus The Lawn

22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK

https://www.microfocus.com

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.


Copyright Notice

© Copyright 2012 - 2021 Micro Focus or one of its affiliates

Trademark Notices

All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.

Documentation Updates

The title page of this document contains the following identifying information:


This document was produced on November 04, 2021. To check for recent updates or to verify that you are using the most recent edition of a document, go to:

https://www.microfocus.com/support/documentation


Contents


Preface                                           5 Contacting Micro Focus Fortify Customer Support                      5 For More Information                                   5 About the Documentation Set                               5 Fortify Product Feature Videos                               5


Change Log                                          6


Chapter 1: Introduction                                  7 About Fortify Plugins for JetBrains IDEs and Android Studio                7

Related Documents                                    8 All Products                                      8 Micro Focus Fortify ScanCentral SAST                          9 Micro Focus Fortify Software Security Center                       9 Micro Focus Fortify Static Code Analyzer                         10


Chapter 2: Using the Fortify Analysis Plugin                        11

About the Fortify Analysis Plugin Installation                       11 Installing the Fortify Analysis Plugin                         11 Uninstalling the Fortify Analysis Plugin                        12

Fortify Security Content                               12 Updating Fortify Security Content                          13 Updating Fortify Security Content on a Network that uses a Proxy Server         13

About Analyzing the Source Code                            14

About Scanning Locally                               14 Setting Memory for Code Analysis                          15 Setting the Query Language Type                          15 Selecting the Fortify Security Content to Apply During Analysis             15 Using Quick Scan Mode                              16 Excluding Dependent Modules from Analysis                     16 Specifying Additional Fortify Static Code Analyzer Options               17 Synchronizing with Fortify Software Security Center                  18



Scanning Projects Locally                              18 Performing an Advanced Local Scan                         20

About Scanning with Fortify ScanCentral SAST                    23 Configuring Fortify ScanCentral SAST Options                   24 Scanning Projects with Fortify ScanCentral SAST                  27 Performing an Advanced Scan with Fortify ScanCentral SAST             28

Uploading Analysis Results to Fortify Software Security Center              32 Locating Analysis Plugin Log Files                          33


Chapter 3: Using the Fortify Remediation Plugin                     34

About the Fortify Remediation Plugin Installation                    34 Installing the Fortify Remediation Plugin                       34 Uninstalling the Fortify Remediation Plugin                      35

Opening Fortify Software Security Center Application Versions            35

Viewing Audit Results                                   36 Grouping and Selecting Issues                             37 Grouping Issues                                    38

Viewing Issue Information                                  39 Audit Tab                                        39 Recommendations Tab                                  40 Details Tab                                        40 History Tab                                       41

Assigning Users to Issues                                 41 Assigning Tags to Issues                                 41 Adding Comments to Issues                                42 Customizing Issue Visibility                                42

Searching for Issues                                    43 Search Modifiers                                    43

Locating Issues in your Source Code                          49 Locating Remediation Plugin Log Files                         49


Send Documentation Feedback                              50

Preface


Preface


Contacting Micro Focus Fortify Customer Support

Visit the Support website to:

<userhome>/.fortify/IntelliJRemediation-<version>/log

Send Documentation Feedback

If you have comments about this document, you can contact the documentation team by email.


Note: If you are experiencing a technical issue with our product, do not email the documentation team. Instead, contact Micro Focus Fortify Customer Support at https://www.microfocus.com/support so they can assist you.

If an email client is configured on this computer, click the link above to contact the documentation team and an email window opens with the following information in the subject line:

Feedback on User Guide (Fortify Plugins for JetBrains IDEs and Android Studio 21.2.0)

Just add your feedback to the email and click send.

If no email client is available, copy the information above to a new message in a web mail client, and send your feedback to fortifydocteam@microfocus.com.

We appreciate your feedback!