Fortify on Demand is the online service provided by the Uleska partner Micro Focus, which incorporates their static (Static Code Analyzer) and dynamic (WebInspect) analysis security tools. This is a commercial service provided by Micro Focus.
To use Uleska with Fortify on Demand, you will need to have your own Fortify on Demand licenses. Contact Micro Focus for a discussion on their services and licenses, or you can contact Uleska (as a Micro Focus partner) for advice and help to obtain the right licenses for your company.
Security Stage | SAST, DAST (Static Code Analysis, Dynamic Analysis) |
Type | Commercial |
Languages | Most languages are covered (see https://www.microfocus.com/en-us/fortify-languages ) |
Site | https://www.microfocus.com/en-us/cyberres/application-security/fortify-on-demand |
1 | You'll need a Git address or URL to scan |
2 | You'll need a license for Fortify on Demand |
You can use the Uleska Platform to extract results from Fortify on Demand. To configure it, the first step is to set up a 'Connection' for the Fortify on Demand server and configuration you have been allocated by Micro Focus.
The Uleska Fortify on Demand adaptor currently extracts existing test results from the server, so the Uleska system does not currently need to be set up with a URI or Source Code Origin. Instead, the Uleska system connects to the Fortify on Demand system and uses the configured Application Name (for this current application) to extract the latest results. You therefore need to ensure that your Application Name matches the name you have configured in Fortify on Demand.
Click 'Save'
Create a new Toolkit (or edit an existing one) by following the Creating a Toolkit guide and selecting 'Fortify on Demand' as a tool.
Now any time you click 'Test Now' with that Toolkit, or make a request over the Uleska API or CLI with that Toolkit, Uleska will extract the latest SAST and DAST results for the configured application. Any results are added to your vulnerabilities list.
Notes
Currently, the Fortify on Demand adaptor will extract results for your application from the online service. It does not currently invoke (start running) the testing. This feature will be coming in a future version.