How to integrate HP Fortify code scan with Bamboo CI/CD server?
Do you want to protect your code from vulnerabilities? Or generate the report your compliance team needs before they sign off on a pre-production or production release?
A code scan plays a vital role in detecting memory leaks, vulnerabilities and other openings for a cyber attack by analysing our code in detail. It also serves as a compliance standard in large MNCs before any production release of a software product.
There are many tools on the market, both open source and proprietary, that will do this job. Some of the popular ones are HP Fortify Static Code Analyzer, SonarQube, etc.
In this article, I will show you how to automate the whole process of scanning the code and uploading the report to the Fortify Static Code Analyzer portal, so that your compliance team can log in and see the report.
Here, I'm going to use the Atlassian Bamboo CI/CD integration server as the example for automating the code scan during the build. However, the code-scan steps and commands remain the same for other integration servers such as Jenkins build pipelines.
Assumptions: I will assume that you have already installed the HP Fortify code scan tool from their site (https://www.microfocus.com/en-us/products/static-code-analysis-sast/overview) on your server or on a dedicated virtual machine (VM), so that I can show you specific…