Consulting Automation of Fortify Scans - Bonn -Shortproject- (GOE-103391)

Bonn - On site
This project is archived and unfortunately no longer active.

Description

Task:
The major goal of all the changes is automation of the Fortify scans on the Jenkins CI server, with full integration of the server processing and automated evaluation.

Prio 1
1. Scans take time. Fortify SSC processing takes a variable amount of time. The processing status should be displayed on the dashboard of the Fortify plugin on Jenkins. The dashboard should always show updated results when processing finishes. This should take cloud worker configurations into account.
2. Scans uploaded from the Fortify Jenkins plugin to the Fortify SSC to two specific templates should be approved automatically when there are too many differences from the previous scan.
3. The dashboard of the Fortify Jenkins plugin should show details and recommendations for each issue, as we see them in e.g. the Fortify Eclipse plugin.
4. Scans uploaded to a specific Fortify project template should automatically trigger Audit Assistant processing. The Audit Assistant results and the Fortify Priority value should be used to move the issues into predefined folders.
Prio 2
5. The Fortify Jenkins plugin should be able to analyse the configuration of the Jenkins project (e.g. Maven or normal projects) so that it can run a Fortify scan with nearly zero configuration parameters, including cloud worker usage. When cloud workers are used, the scan should not block the build from finishing, to free the processing power of the Jenkins node.
6. The Fortify Jenkins plugin allows configuration of a Fortify Application/Version. The view of the list of versions should be limited to the rights of a given Fortify user.
7. The Fortify Jenkins plugin should be able to trigger and download a custom report from the server.

Prio 3
8. Change a custom Fortify report to add OWASP 2017 Top 10 and OWASP mobile standard to the selection parameters of the report.
9. Perform very small optional changes in the customer Report.

Prio 4
10. Block uploads on Fortify SSC which go to application versions older than 3 months (date coded in the application version name as YYYY-MM-DD …
11. Delete all old reports from the Fortify SSC which do not use the custom report template.
12. Fix a bug in the custom report.

Requirements (Must have):
Business Consultant (m/f) Experience

Fluent English

Environment/Miscellaneous:
Effort in MDs: 10 - 11 MD
End date is flexible also possible)

Start: 01.08.2018
Duration: 30.11.2018
Industry: Logistics/Transport
Start: 08.2018
Duration: 4 months
From: Allgeier Experts Consulting GmbH
Posted: 08.06.2018
Contact: Tobias Trockel
Project ID: 1567818
Contract type: Freelance