Product
LET’S SCALE YOUR APPLICATION SECURITY BY AUTOMATING REPETITIVE, BUT NECESSARY TASKS

Our platform helps you run an effective application security pipeline without compromising on development speed.

View the Uleska Product

Pricing
GET STARTED WITH THE ULESKA PLATFORM TODAY FOR FREE.

Let’s start optimising your DevSecOps journey.

View Uleska Pricing

Resources
In-Depth Resources

View Uleska downloads and Case studies to understand how we have helped others

View Uleska Resources

BROWSE OUR BLOG

Browse our range of useful blogs and articles.

View Uleska Blog

Docs
Uleska Docs

All the information you need to know for Uleska documentation

View Uleska Docs

Search the Uleska site

    Sign in

    Open Mobile Menu Close Mobile Menu
    Product
    LET’S SCALE YOUR APPLICATION SECURITY BY AUTOMATING REPETITIVE, BUT NECESSARY TASKS

    Our platform helps you run an effective application security pipeline without compromising on development speed.

    View the Uleska Product

    Pricing
    GET STARTED WITH THE ULESKA PLATFORM TODAY FOR FREE.

    Let’s start optimising your DevSecOps journey.

    View Uleska Pricing

    Resources
    In-Depth Resources

    View Uleska downloads and Case studies to understand how we have helped others

    View Uleska Resources

    BROWSE OUR BLOG

    Browse our range of useful blogs and articles.

    View Uleska Blog

    Docs
    Uleska Docs

    All the information you need to know for Uleska documentation

    View Uleska Docs

    Fortify on Demand

    2What is Fortify on Demand?

    Fortify on Demand is the online service provided by the Uleska partner Micro Focus which incorporates their static (Static Code Analyzer) and dynamic (WebInspect) analysis security tools. This is a commercial service provided by MicroFocus.

    To use Uleska with Fortify on Demand, you will need to have your own Fortify on Demand licenses. Contact Micro Focus for a discussion on their services and licenses, or you can contact Uleska (as a Micro Focus partner) for advice and help to obtain the right licenses for your company.

    Security Stage SAST, DAST (Static Code Analysis, Dynamic Analysis)
    Type Commercial
    Languages Most languages are covered (see https://www.microfocus.com/en-us/fortify-languages )
    Site https://www.microfocus.com/en-us/cyberres/application-security/fortify-on-demand

     

    Pre-requisites

    1 You'll need a Git address or URL to scan
    2 You'll need a license for FortifyOnDemand

     

    How do I set it up?

    You can use the Uleska Platform to extract results from Fortify on Demand. To configure, the first act is to setup a 'Connection' for the Fortify on Demand server and configuration you have been allocated by Micro Focus.

    • To set up a Connection, click on the 'Configuration' tab on the left hand side of the UI. If you do not have a 'Configuration' side, you may not have the role permissions to set this connection up, therefore speak to your administrator.
    • In the Configuration screen, click on the 'Connections' tab, and click on 'Add Connection'
    • This will let you configure different types of connections for various tools. Choose the 'Fortify on Demand' option in the top drop down box.
    • Enter the configuration details for your instance and tenant of the Fortify on Demand service:

    FodSetup

    • Now that you have your Fortify on Demand connection setup, click on the application you wish to add the tool for, and edit the version (stage) configuration.

    FOD_EditStage

    • Given that the Uleska Fortify on Demand adaptor currently extracts existing test results from the server, the Uleska system does not currently need to be setup with a Uri or Source Code Origin, instead the Uleska system connects with the Fortify on Demand system and uses the configuration Application Name (for this current application) to extract the latest results. Therefore you need to ensure your Application Name matches the name you have configured in Fortify on Demand.

    • Go to the 'Test Tools' tab and click 'Add Tool' for the 'Fortify on Demand' tool.

    FortifySetup

    • Click Save.

    Now any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Uleska will extract the latest SAST and DAST results for the configuration application. Any results added to your vulnerabilities list.

    Notes

    Currently, the Fortify on Demand adaptor will extract results for your application from the online service. It does not currently invoke (start running) the testing. This feature will be coming in a future version.