Hi,

I would like to release Fortify plugin 2.1. Main change compared to previous version is that rule definitions are embedded in the plugin (so no more need to reference uncompressed rulepacks).

6 issues have been solved:
https://jira.codehaus.org/secure/ReleaseNote.jspa?projectId=13236&version=20394

You can test using this SNAPSHOT:

Known issues

Mapping of Fortify vulnerabilities severity to SonarQube severity is very basic.
Fortify filter templates are not considered.

Vote open to everybody for 72 hours.

[ ] +1
[ ] +0
[ ] -1

Regards,
Julien

Julien,

If rule definitions are embedded in the plugin, and HP Security Research releases four rulepack updates a year (which they do), how will the Sonar plugin handle rule definition updates? The last rulepack update introduced several new categories of issue. How would something like this be handled?

—Steve

On April 30, 2015 at 9:34:32 AM, Julien HENRY ([hidden email]) wrote:

Hi Steve,

Like for other SonarQube plugins (checkstyle, PMD, ...) a new release of the SQ Fortify plugin will have to be done to embed updated rule definitions.

++

2015-04-30 18:15 GMT+02:00 Steve Springett <[hidden email]>:

Vote has passed by lazy consensus. I'll continue with the release.

2015-04-30 18:28 GMT+02:00 Julien HENRY <[hidden email]>: