HP Fortify Scanning Plugin for Xcode


User Guide
Software Version: 4.40

Document Release Date: November 2015
Software Release Date: November 2015

Legal Notices

Warranty

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

The software is restricted to use solely for the purpose of scanning software for security vulnerabilities that is (i) owned by you; (ii) for which you have a valid license to use; or (iii) with the explicit consent of the owner of the software to be scanned, and may not be used for any other purpose. You shall not install or use the software on any third party or shared (hosted) server without explicit consent from the third party.

Copyright Notice

Copyright 2015 Hewlett Packard Enterprise Development LP

Documentation Updates

The title page of this document contains the following identifying information:

- Software Version number
- Document Release Date, which changes each time the document is updated
- Software Release Date, which indicates the release date of this version of the software

To check for recent updates or to verify that you are using the most recent edition of a document, go to: https://protect724.hp.com/welcome

You will receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details.

Contents

Preface
    Contacting HP Fortify Support
    For More Information
    About the HP Fortify Software Security Center Documentation Set
HP Fortify Scanning Plugin for Xcode
    About Xcode Scanning Plugin Installation
    About Xcode Scanning Plugin Upgrades
    Uninstalling Xcode Scanning Plugin
    Configuring Scan Settings
    Scanning a Project or Workspace
Send Documentation Feedback

Preface

Contacting HP Fortify Support

If you have questions or comments about using this product, contact HP Fortify Technical Support using one of the following options.

To Manage Your Support Cases, Acquire Licenses, and Manage Your Account: https://support.fortify.com

To Email Support: fortifytechsupport@hp.com

To Call Support: 650.735.2215

For More Information

For more information on HP Enterprise Security Software products: http://www.hpenterprisesecurity.com

About the HP Fortify Software Security Center Documentation Set

The HP Fortify Software Security Center documentation set contains installation, user, and deployment guides for all HP Fortify Software Security Center products and components. In addition, you will find technical notes and release notes that describe new features, known issues, and last-minute updates. You can access the latest versions of these documents from the following HP ESP user community Protect724 website: https://protect724.hp.com/welcome

You will need to register for an account.

HP Fortify Scanning Plugin for Xcode

The HP Fortify Scanning Plugin for Xcode (Xcode Scanning Plugin) is a plugin that you can use to run HP Fortify Static Code Analyzer (SCA) scans on projects through the Xcode development environment (IDE). It is a lightweight plugin in that it occupies very little space in the Xcode IDE and you use it only to configure and run scans on your source code. The Xcode Scanning Plugin uses HP Fortify security content (Rulepacks and external metadata) installed with SCA.

The Xcode Scanning Plugin locates security vulnerabilities in your projects without executing the code. The results include the list of the issues uncovered, descriptions of the type of vulnerability each issue represents, and suggestions on how to fix them. You can either upload scan results (FPR file) to HP Fortify Software Security Center or open them in HP Fortify Audit Workbench for auditing.

About Xcode Scanning Plugin Installation

To install the HP Fortify Scanning Plugin for Xcode, run the HP Fortify Static Code Analyzer and Applications installer (which includes Xcode Scanning Plugin, Audit Workbench and other applications). For installation instructions, see the HP Fortify Static Code Analyzer Installation Guide.

Unless your administrator has set up an alternative way to deliver HP Fortify security content to you, make sure that you leave the "Update security content after installation?" check box selected at the end of the installation.

About Xcode Scanning Plugin Upgrades

After you install the HP Fortify Scanning Plugin for Xcode, any new revisions of the plugin are installed whenever you subsequently upgrade HP Fortify Static Code Analyzer. You can upgrade SCA and Applications manually or automatically from Audit Workbench. For instructions, see the HP Fortify Audit Workbench User Guide.

Uninstalling Xcode Scanning Plugin

To uninstall the HP Fortify Scanning Plugin for Xcode, uninstall HP Fortify Static Code Analyzer and Applications.

Configuring Scan Settings

The scan and analysis settings determine the amount of memory to use during scans, optional HP Fortify Static Code Analyzer translate and scan arguments to use, and more.

To configure the scan and analysis settings:

1. Open a project or workspace in Xcode.
2. Select HP Fortify > Options. The HP Fortify Options dialog box opens.
3. To customize the settings for this project only, select the Use Project Specific Settings check box. If this option is not selected, the settings apply to all projects scanned from this Xcode instance.
4. To specify the amount of memory to use for the scan (such as 2048 MB), type the integer value in the Memory (MB) box.
5. To apply SCA arguments during scans, select the Use Additional SCA Arguments check box, and then, in the Translate and Scan boxes, enter command-line options for the translation and scan phases, respectively. For example, if you include the -verbose command-line option, detailed status messages are sent to the console during the analysis. For information on the available arguments and syntax, see the HP Fortify Source Code Analyzer User Guide.
6. To enable quick scan mode, select the Enable Quick Scan Mode check box. Quick scan mode enables you to quickly scan your projects for major issues. In quick scan mode, SCA scans your project using the fortify-sca-quickscan.properties file rather than the standard fortify-sca.properties file. (You can include additional properties by editing the fortify-sca-quickscan.properties file.) Keep in mind that, although a quick scan is significantly faster than a full scan, it does not provide a robust result set.
7. You can review the scan command line in the Scan Command Line Preview area.
8. To open the FPR file that results from scans in HP Fortify Audit Workbench after a scan is completed, select the Open FPR File After Scan check box.
9. Click Save.

Scanning a Project or Workspace

This topic provides information about how to use the Xcode Scanning Plugin to scan and analyze your project or workspace source code to uncover security vulnerabilities (issues).

To scan a solution or project:

1. Open a project or workspace in Xcode.
2. Select HP Fortify > Analyze Project. After the scan has completed, the Save dialog box opens with a default output file name and location that you can modify.
3. Click Save. If you have configured the Xcode Scanning Plugin to open the FPR after a scan, the FPR is opened in Audit Workbench.

Note: If the FPR file is not generated in the location you specified, or if you configured the Xcode Scanning Plugin so that results open upon scan completion but the FPR file does not open, check the sca.log file (located in the $HOME/.fortify/sca<version>/log directory, where <version> is the version of SCA that you are using).
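
The check described in the note above can be scripted so that a scan that silently produced no FPR is noticed and the right log is opened. This is an added shell example, not part of the HP guide; the function names and the grep keywords are assumptions, since the guide gives only the location of sca.log and not its format.

```shell
#!/bin/sh
# Added example (not from the HP guide): triage a scan that produced no FPR.
# Assumption: the keywords grepped for below are a guess at what a failed
# scan logs; the guide documents only where sca.log lives.

# newest_sca_log FORTIFY_DIR
# Prints the most recently modified FORTIFY_DIR/sca<version>/log/sca.log.
# Returns 1 if no such file exists (several SCA versions may be installed).
newest_sca_log() {
    newest=""
    for f in "$1"/sca*/log/sca.log; do
        [ -f "$f" ] || continue          # unmatched glob stays literal
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# check_fpr FPR_PATH [FORTIFY_DIR]
# Returns 0 if the FPR exists and is non-empty.
# Returns 1 if it is missing or empty and a log was found (hits go to stderr).
# Returns 2 if it is missing or empty and no sca.log could be located.
check_fpr() {
    fpr=$1
    dir=${2:-$HOME/.fortify}
    if [ -s "$fpr" ]; then
        echo "OK: $fpr"
        return 0
    fi
    echo "FPR missing or empty: $fpr" >&2
    if log=$(newest_sca_log "$dir"); then
        echo "Newest log: $log" >&2
        grep -inE 'error|exception|out of memory|license' "$log" | tail -n 20 >&2
        return 1
    fi
    echo "No sca.log under $dir/sca*/log" >&2
    return 2
}

# Stand-alone use: sh check_fpr.sh /path/to/results.fpr [fortify-dir]
if [ "$#" -gt 0 ]; then
    check_fpr "$@"
fi
```

Run it with the path you entered in the Save dialog; a non-zero exit status can fail a build step that expects scan results to exist.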

Send Documentation Feedback

If you have comments about this document, you can contact the documentation team by email. If an email client is configured on this system, click the link above and an email window opens with the following information in the subject line:

Feedback on User Guide (Fortify Scanning Plugin for Xcode 4.40)

Just add your feedback to the email and click send.

If no email client is available, copy the information above to a new message in a web mail client, and send your feedback to HPFortifyTechPubs@hp.com.

We appreciate your feedback!