Fortify 是否支持 Python、Scala 和 Apache Spark?
[英]Does Fortify support Python, Scala, and Apache Spark?
问题描述
Does Fortify Supports Python, Scala, and Apache Spark? 
Fortify 是否支持 Python、Scala 和 Apache Spark? If it supports how to scan these codes using Fortify.如果它支持如何使用 Fortify 扫描这些代码。 We need to have compiler to scan C++ code using Fortify.我们需要有编译器来使用 Fortify 扫描 C++ 代码。 This can be done using Microsoft visual studio.这可以使用 Microsoft Visual Studio 来完成。 Similarly should we need to have some plugin to scan Python, Scala, and Spark codes?同样,我们是否需要一些插件来扫描 Python、Scala 和 Spark 代码?
3 个解决方案
解决方案1
1 2017-09-11 11:01:29
Scala was not supported by all major vendors earlier in SAST domain.早期的 SAST 领域并非所有主要供应商都支持 Scala。 I just stumbled across this link ( https://www.lightbend.com/blog/lightbend-and-hpe-announce-new-hpe-fortify-scala-plugin-for-static-application-security-testing-sast ) which says now Microfocus (earlier HPE) supports Scala in SDLC at development phase.我只是偶然发现了这个链接( https://www.lightbend.com/blog/lightbend-and-hpe-announce-new-hpe-fortify-scala-plugin-for-static-application-security-testing-sast )现在 Microfocus(早期的 HPE)在开发阶段支持 SDLC 中的 Scala。
As per the HPE announcement, it says "The preview version of Scala support is available for Fortify customers immediately. General availability (GA) of Scala support is scheduled to be released with release version 17.20 which will be delivered later on in 2017."根据 HPE 的公告,它说“Fortify 客户可以立即获得 Scala 支持的预览版。Scala 支持的一般可用性 (GA) 计划与发布版本 17.20 一起发布,该版本将于 2017 年晚些时候发布。” Link here .链接在这里。
Edit 1: Scala is supported with Fortify version 17.20 but you need to procure Scala plugin and license additionally from Lightbend.编辑 1: Fortify 17.20 版支持 Scala,但您需要另外从 Lightbend 购买 Scala 插件和许可证。 Also Python is a premium language and you need to procure additional license from Microfocus to use the same.此外,Python 是一种高级语言,您需要从 Microfocus 获得额外的许可才能使用它。
解决方案2
0 2017-01-23 13:54:24
Fortify Supports Python but not Scala or Spark, currently. Fortify 目前支持 Python,但不支持 Scala 或 Spark。
Based on this PDF HPE Security Fortify Static Code Analyzer (Dec 2016) in Chapter 12.基于第 12 章中的此 PDF HPE Security Fortify 静态代码分析器(2016 年 12 月) 。
Here is a list of supported languages (second page, left side):以下是支持的语言列表(第二页,左侧):
- ABAP/BSP ABAP/BSP
- ActionScript/MXML (Flex)动作脚本/MXML (Flex)
- ASP.NET, VB.NET, C# (.NET) ASP.NET、VB.NET、C# (.NET)
- C/C++ C/C++
- Classic ASP (w/VBScript)经典 ASP(带 VBScript)
- COBOL COBOL
- ColdFusion CFML冷聚变CFML
- HTML HTML
- Java (including Android) Java(包括安卓)
- JavaScript/AJAX JavaScript/AJAX
- JSP JSP
- Objective-C目标-C
- PHP PHP
- PL/SQL PL/SQL
- Python Python
- T-SQL查询语句
- Ruby红宝石
- Swift迅速
- Visual Basic视觉基础
- VBScript脚本
- XML XML
Scanning Python扫描 Python
To scan Python you do not need a plugin, during the translation phase you would tell SCA were the files are located along with the -python-path option to the import directories.要扫描 Python,您不需要插件,在翻译阶段,您会告诉 SCA 文件是否与导入目录的-python-path选项一起定位。
You can look at more details about scanning Python by looking at the HPE Security Fortify Static Code Analyzer User Guide .您可以通过查看HPE Security Fortify 静态代码分析器用户指南来了解有关扫描 Python 的更多详细信息。
Note: Python is currently considered a premium language, so you need to make sure your SCA license supports scanning Python.注意:Python 目前被认为是一种高级语言,因此您需要确保您的 SCA 许可证支持扫描 Python。
解决方案3
0 2018-04-05 14:49:17
Fortify support python scan. Fortify 支持 python 扫描。 Since it is not compiled, you can directly feed the code to python, it will detect the same, scan and give you the result.由于它没有被编译,你可以直接将代码提供给 python,它会检测到相同的,扫描并给你结果。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.