Comments (3)
This is for Bitbucket Cloud/Bitbucket Pipelines. I was looking for either direct Bitbucket Server support for Code Insights, where I can post a report and its results as documented here: https://developer.atlassian.com/server/bitbucket/how-tos/code-insights/. Having Jenkins post the report back to the Bitbucket Server pull request would also work; are there any samples for Jenkins?
from fortifyvulnerabilityexporter.
I currently don't have any plans for adding support for Bitbucket Server due to other priorities and because Bitbucket Server seems to be End of Life according to https://www.atlassian.com/software/bitbucket/enterprise. However, you can try creating a custom FortifyVulnerabilityExporter configuration file for generating Bitbucket Server Code Insights reports; if necessary, Fortify Professional Services may be able to assist with this.
Documentation for generating arbitrary JSON content using FortifyVulnerabilityExporter is available here: https://github.com/fortify/FortifyVulnerabilityExporter#json-export. Since Bitbucket Server Code Insights reports seem to be quite similar to Bitbucket Cloud Code Insights reports, you can use the existing Bitbucket Cloud configuration files as a starting point:
- For Fortify on Demand:
- For Fortify SSC:
You would basically create a new YAML file that combines the contents of both configuration files listed above for either FoD or SSC, and then adjust the output format to match the required Bitbucket Server Code Insights JSON report and annotation format. You can then use curl commands to upload the report and annotations to Bitbucket Server, similar to how this is done for Bitbucket Cloud: https://bitbucket.org/fortifysoftware/bb-sample-eightball/src/b89962305fe55c291bc378c451491e140ee832a6/bitbucket-pipelines-cmds.yml#lines-15
from fortifyvulnerabilityexporter.
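The report/annotation split described in the reply above, sketched as an added example (not code from FortifyVulnerabilityExporter or from the thread): it turns a list of exported findings into the two JSON bodies Bitbucket Server Code Insights expects and builds the REST URLs they are sent to. The input field names (`id`, `category`, `priority`, `path`, `line`), the report title and the 1000-annotation cap are assumptions for illustration; the sample findings are constructed.

```python
import json
from urllib.parse import quote

# Fortify priority -> Bitbucket Server annotation severity (LOW/MEDIUM/HIGH only).
SEVERITY = {"Critical": "HIGH", "High": "HIGH", "Medium": "MEDIUM", "Low": "LOW"}
RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
MAX_ANNOTATIONS = 1000  # assumed per-report cap; check your server's setting

def insights_url(base, project, repo, commit, key, annotations=False):
    """URL to PUT the report to, or to POST its annotations to."""
    p, r, c, k = (quote(s, safe="") for s in (project, repo, commit, key))
    url = (f"{base.rstrip('/')}/rest/insights/1.0/projects/{p}"
           f"/repos/{r}/commits/{c}/reports/{k}")
    return url + "/annotations" if annotations else url

def build_payloads(vulns, fail_on=("HIGH",)):
    """Return (report_body, annotations_body) for a list of finding dicts."""
    annotations = []
    for v in vulns:
        # An unmapped priority is treated as HIGH so it is never hidden.
        sev = SEVERITY.get(v.get("priority"), "HIGH")
        ann = {"externalId": str(v["id"]), "message": v["category"],
               "severity": sev, "type": "VULNERABILITY"}
        if v.get("path"):
            ann["path"] = v["path"].lstrip("/")            # repository-relative
            ann["line"] = max(int(v.get("line") or 0), 0)  # 0 = file-level
        annotations.append(ann)
    # Most severe first, so the cap drops the least severe findings.
    annotations.sort(key=lambda a: RANK[a["severity"]])
    counts = {s: sum(a["severity"] == s for a in annotations) for s in RANK}
    report = {
        "title": "Fortify scan",
        "reporter": "FortifyVulnerabilityExporter",
        "result": "FAIL" if any(counts[s] for s in fail_on) else "PASS",
        "data": [{"title": s.title(), "type": "NUMBER", "value": n}
                 for s, n in counts.items()],
    }
    return report, {"annotations": annotations[:MAX_ANNOTATIONS]}

# Constructed sample findings (hypothetical field names).
SAMPLE = [
    {"id": "A1", "category": "SQL Injection", "priority": "Critical",
     "path": "src/main/java/Dao.java", "line": 42},
    {"id": "B2", "category": "Weak Encryption", "priority": "Low",
     "path": "/src/Crypto.java", "line": None},
    {"id": "C3", "category": "Insecure Transport", "priority": "Medium"},
]

if __name__ == "__main__":
    report, annotations = build_payloads(SAMPLE)
    print(json.dumps(report, indent=2))       # body for the PUT
    print(json.dumps(annotations, indent=2))  # body for the POST
```

Each body can be written to a file and sent with curl (`-X PUT -d @report.json` for the report, `-X POST -d @annotations.json` for the annotations) using `Content-Type: application/json` and a token kept in the CI credential store rather than in the job definition.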
Bitbucket documentation has been added in the latest commits.
from fortifyvulnerabilityexporter.