Fortify SSC Snyk integration overview
Integrate the Snyk plugin with Micro Focus Fortify Software Security Center (Fortify SSC) and obtain a unified view of your open source security vulnerabilities.
Combining the two sources provides a more accurate view of the overall application portfolio security posture, and also naturally tracks that posture over time as vulnerabilities are fixed or introduced.
The Snyk parser plugin converts your Snyk scan results into a format that Fortify SSC can read and display.
How it works
The Snyk plugin parses scanned results from Snyk and then feeds those results into Fortify SSC. In this way, you can view, monitor and manage your open source vulnerabilities in a single view.
To display Snyk data from the Fortify app:
- The user runs a Snyk scan on a project from the CLI, generating a .json report.
- The user uploads the report to Fortify SSC.
- The plugin parses the results and feeds them to Fortify, for the application project.
- The Snyk scan results are displayed from Fortify and the user can view and track data from the Fortify SSC app user interface (UI).
Fortify SSC and Snyk—an overview of the SSC feed
Once Snyk data is imported to the Fortify SSC app, navigate to the Audit tab to view the data. Each row of imported Snyk data is displayed in the Fortify feed with the Analysis Type SNYK and appears similar to the following image:
Expanding a specific vulnerability reveals detailed information as in the following example: