Fortify on Demand plugin

With the XL Release Fortify on Demand plugin, you can check your application compliance rating in Fortify on Demand, directly from the XL Release user interface.

Features

  • Create a Fortify on Demand: Check Compliance task
  • Configure a Fortify on Demand Summary tile

Requirements

The XL Release Fortify on Demand plugin requires the following:

  • A Fortify on Demand server that is running and accessible via HTTP(S)

Set up a Fortify on Demand server

There are two locations where you can define a Fortify on Demand: Server configuration:

  • On a global level in Settings > Shared configuration
  • On a folder level in Design > Folders, under the Configuration tab of the desired folder

To set up a connection to a Fortify on Demand server:

  1. In XL Release, go to one of the two specified locations.
  2. Click the Add button next to Fortify on Demand: Server.
  3. In the Title field, specify a name for your Fortify on Demand server.
  4. In the URL field, specify the URL of the Fortify on Demand server to connect to. Example: https://api.emea.fortify.com.
  5. In the Username and Password fields, specify the login user name and password of the user on the server. The Username field must contain a tenant ID and the username. Example: organization\myUsername.
  6. If you are using a proxy connection, specify the host, port, username, and password in the Proxy section.
  7. To test the server connection, click Test.
  8. Click Save.


Create a Fortify on Demand: Check Compliance task

The Fortify on Demand: Check Compliance task type verifies whether the Minimum Security Rating for your application is reached on the Fortify on Demand server. If the Minimum Security Rating required for the application to pass the compliance check is not reached, the task fails.

To add a Fortify on Demand: Check Compliance task:

  1. In the release flow view of a release or template, add a task of the type Fortify on Demand > Check Compliance.
  2. Open the added task and in the Server field, select the Fortify on Demand server connection.
  3. In the Application Name field, enter the name of your application from the Fortify on Demand server.
  4. In the Release field, enter the release version of your application from the Fortify on Demand server.
  5. In the Minimum Security Rating field, add the minimum rating that is required for your application to pass compliance. The default value is 5.


Create a Fortify on Demand Summary tile

The Fortify on Demand Summary tile type creates a dashboard tile that displays the details of your selected application from the Fortify on Demand server.

To configure a Fortify on Demand Summary tile:

  1. Go to the release dashboard view of a release or to a custom dashboard from the Dashboards menu.
  2. Click Configure > Add tile > Fortify on Demand Summary.
  3. Click the gear icon to configure the added tile.
  4. In the Server field, select an existing Fortify on Demand server configuration.
  5. In the Application Name field, enter the name of your application from the Fortify on Demand server.
  6. In the Release field, enter the release version of your application from the Fortify on Demand server.
  7. Click Save.

The tile displays the information of your application from the Fortify on Demand server or an error message if an error occurs.


Release notes

XL Release Fortify on Demand plugin 9.0.0

  • Added compatibility with XL Release 9.0.0

XL Release Fortify plugin 8.5.1

Bug fixes

  • [XLINT-460] - Change shared configuration authentication category order

XL Release Fortify plugin 8.5.0

  • Added the Fortify on Demand application compliance tile