Questions tagged [fortify]

Use this tag only for Fortify, the software application security products and services from Micro Focus. For Laravel Fortify, use the [laravel-fortify] tag. For -DFORTIFY_SOURCE, use the [fortify-source] tag.

Fortify is a business unit of Micro Focus, formerly within Hewlett Packard Enterprise. Fortify provides software products and services for application security in development, and for websites and mobile applications.

Micro Focus Fortify Software Security Center is a suite of application security analysis and management products for deployment on premise.

Fortify on Demand provides application security services remotely.

899 questions
56 votes, 4 answers

How does Fortify software work?

Fortify is an SCA used to find the security vulnerabilities in software code. I was just curious about how this software works internally. I know that you need to configure a set of rules against which the code will be run. But how exactly it is able…
Newbie

28 votes, 1 answer

Gradle build stuck at "Waiting to acquire shared lock on daemon addresses registry."

I'm currently using the HP Fortify tool to scan for security vulnerabilities in a project. At the time of scanning, Fortify's CLI allows build tools to integrate into its CLI commands so as to build and simultaneously scan the files present in the…
Sekhar Routray

20 votes, 6 answers

Fortify command line usage

Has anyone used the command line to run Fortify? I'm trying to incorporate a Fortify run in my CI build and I don't know how to do it.
alice7

19 votes, 12 answers

How to fix "Path Manipulation Vulnerability" in some Java Code?

The simple Java code below is getting a Fortify Path Manipulation error. Please help me to resolve this. I have been struggling for a long time. public class Test { public static void main(String[] args) { File file=new File(args[0]); } }
mohan

18 votes, 4 answers

upgrade to SnakeYaml 1.31 in spring-boot-starter-parent 2.7.3

I have a Spring Boot project in which I wanted to either exclude snakeyaml 1.30 or upgrade it to 1.31 in order to avoid Fortify reporting an issue; with snakeyaml version 1.30 there is a security vulnerability
Syed Rafi

17 votes, 6 answers

target [Laravel\Fortify\Contracts\RegisterViewResponse] is not instantiable

I have a router register but I found the error Target [Laravel\Fortify\Contracts\RegisterViewResponse] is not instantiable.
Riki krismawan

16 votes, 4 answers

Best option to store hardcoded domain names in web application

I have a web application where I refer to file names with domain names. Where can I add these domain names and call them from? When I run tools like Fortify to check for security issues and standards, it always warns me not to keep hard coded domain…
Kurkula

14 votes, 1 answer

Difference between Fortify SCA and Fortify SSC

What is the difference between Fortify SCA and Fortify SSC? Is there any difference between the reports generated by these software products? I am aware that Fortify SSC is a web-based app. Can I use Fortify SCA as a web-based app as well?
ѕтƒ

14 votes, 3 answers

Fortify Error : "No rules file found"

When I run a Fortify analysis against a Java project I receive this error: [warning]: No rules files found [error]: No rules files found Where can I configure the rules file?
blue-sky

13 votes, 3 answers

Does this usage of strncmp contain an out of bounds read?

Fortify indicates that this is an out of bounds read: if (strncmp("test string", "less than 32 char", 32) == 0) { ... } It says that the function reads data from outside the bounds of less than 32 char. Is there really a finding if strncmp goes…
Engineer2021

12 votes, 2 answers

How to Prevent XML External Entity Injection on TransformerFactory

My problem: Fortify 4.2.1 is marking the code below as susceptible to an XML External Entities attack. TransformerFactory factory = TransformerFactory.newInstance(); StreamSource xslStream = new StreamSource(inputXSL); Transformer transformer =…
Ravi Ranjan

12 votes, 4 answers

log forging fortify fix

I am using Fortify SCA to find the security issues in my application (as a university homework). I have encountered some 'Log Forging' issues which I am not able to get rid of. Basically, I log some values that come as user input from a web…
Alina Danila

11 votes, 6 answers

Laravel Fortify Customize Authentication Redirect

In Laravel Fortify, when customizing the authentication process, I am not able to redirect to the login page with an error message, which we were able to do in Auth. Here is the customization documentation link:…
SK Toke

11 votes, 3 answers

Difference between SonarQube and Fortify?

Can someone tell me what the difference between SonarQube and Fortify is? Both are static code analysis tools. I found out Fortify is more inclined towards security as it gives information about vulnerabilities included in OWASP, SANS etc. SonarQube…
user3847894

11 votes, 4 answers

Fortify high: Access specifier manipulation on reflection that is used to invoke a private constructor

I used reflection to invoke a private constructor of a class in order to solve an insufficient branch coverage issue shown by the Sonar scan report. This is the snippet of my code I was working on: // reflection to access a private constructor of a class …
Vijaya Pandey