We currently use Fortify to check for vulnerabilities and Sonar for code cleanup.
I would like to know if we can enable static code analysis in Fortify and get rid of Sonar / PMD / FindBugs etc.
I have a Java project that will be checked for security vulnerabilities using Fortify SCA. I also use Sonar for code quality and cleanup.
Someone told me that I can set up Sonar rules in Fortify so that I can avoid Sonar and save build time.
Basically, I want to configure a Sonar rule set in Fortify, so that Fortify checks for vulnerabilities, quality and code cleanup.
Thanks in advance.