{"id":23651892,"url":"https://github.com/microfocus/fortify-issue-manager","last_synced_at":"2025-11-16T19:30:16.897Z","repository":{"id":38298911,"uuid":"260568093","full_name":"MicroFocus/fortify-issue-manager","owner":"MicroFocus","description":null,"archived":false,"fork":false,"pushed_at":"2024-05-14T12:59:12.000Z","size":164,"stargazers_count":1,"open_issues_count":3,"forks_count":0,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-12-28T16:48:45.486Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MicroFocus.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-05-01T22:10:32.000Z","updated_at":"2024-05-14T12:59:16.000Z","dependencies_parsed_at":"2024-05-14T14:03:14.110Z","dependency_job_id":"9d278dac-5565-4212-aa68-cce6cf3feb56","html_url":"https://github.com/MicroFocus/fortify-issue-manager","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MicroFocus%2Ffortify-issue-manager","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MicroFocus%2Ffortify-issue-manager/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MicroFocus%2Ffortify-issue-manager/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MicroFocus%2Ffortify-issue-manager/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mic
roFocus","download_url":"https://codeload.github.com/MicroFocus/fortify-issue-manager/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239611992,"owners_count":19668274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-28T16:48:52.098Z","updated_at":"2025-11-16T19:30:16.825Z","avatar_url":"https://github.com/MicroFocus.png","language":"Java","readme":"# Fortify Issue Manager\n\nThis is a utility to find issues created by Fortify on Demand scans and create corresponding bugs in a bug tracker like `Jira` or `Octane`. Once the bugs are created they are linked back to the Fortify on Demand issue. Users can then click the `View Bug` button in Fortify on Demand to navigate to the corresponding bug.\n\n### Fortify on Demand Configuration\nYou will need to configure the Fortify on Demand application to `Enable Bug Tracker Integration` and set `Bug Tracker` to `Other`. 
This can be done from the Fortify on Demand Applications view \u003e Settings \u003e Bug Tracker tab.\n\n![Settings](images/FoDsettings.png)\n\n### fortify-java-issue-manager\n\nIt can be used from another Java project by including the following dependency:\n\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.microfocus.security.automation.fortify\u003c/groupId\u003e\n    \u003cartifactId\u003efortify-issue-manager\u003c/artifactId\u003e\n\u003c/dependency\u003e\n```\n\nIt makes the following `static` method available in the `FortifyIssueManager` class:\n\n```java\npublic static boolean manageIssues(final boolean dryRun, final String scriptFile)\n```\n\n### fortify-java-issue-manager-cli\n\nThis module provides a simple command-line interface which wraps the `manageIssues()` function.\n\n    Usage: fortify-issue-manager [-d] -s=\u003cscriptFile\u003e\n      -d, --dryRun\n             If true, the tool lists the bug details but does not create them. Defaults to false.\n      -s, --scriptFile=\u003cscriptFile\u003e\n             Specifies the script file with the `getPayload` function to create the bug details\n\nA JavaScript file that includes a `getPayload` function must be specified.\n\nThe `getPayload` function will be passed the following arguments:\n- applicationId - The Fortify application ID\n- applicationName - The Fortify application Name\n- severity - The severity of the Fortify issue\n- category - The category of the Fortify issue\n- description - The description of the Fortify vulnerabilities in the category\n\nThe script should return the payload for creating a bug in a bug tracking application.  \n\nHere is a sample script file [getPayload.js](./fortify-issue-manager/src/test/resources/getPayload.js).\n\n### Required Configuration\nThe following environment variables must be set:\n- `FORTIFY_GRANT_TYPE`  \n    This property configures the Fortify on Demand authentication grant type.  
\n    It must be set to `client_credentials` or `password`.\n\n    If grant type is `client_credentials` then the following environment variables must be set:\n     - `FORTIFY_CLIENT_ID`\n     - `FORTIFY_CLIENT_SECRET`\n\n    If grant type is `password` then the following environment variables must be set:\n     - `FORTIFY_USERNAME`\n     - `FORTIFY_PASSWORD`\n\n- `FORTIFY_SCOPE`  \n    This property configures the Fortify on Demand scope. Example: api-tenant\n\n- `FORTIFY_API_URL`  \n    This property configures the Fortify on Demand api url\n\n- `FORTIFY_ISSUE_URL`  \n    This property configures the Fortify on Demand issue url\n\n- `FORTIFY_APPLICATION_IDS`  \n    This property is a comma separated list of Fortify on Demand application ids\n\n- `FORTIFY_RELEASE_FILTERS`  \n    This property is a delimited list of field filters for Fortify on Demand releases.  \n    If no release filters are specified, the following filter is applied:  \n    `sdlcStatusType:Production`\n\n- `FORTIFY_ISSUE_FILTERS`  \n    This property is a delimited list of field filters for Fortify on Demand issues.  
\n    If no issue filters are specified, the following filters are applied:  \n    `severityString:Critical|High+auditorStatus:Remediation Required`\n\n- `TRACKER`  \n    This property defines the issue tracker to use.\n    Supported trackers: `JIRA`, `OCTANE`\n\n- `TRACKER_USERNAME`  \n    This property configures the issue tracker username\n\n- `TRACKER_PASSWORD`  \n    This property configures the issue tracker password\n\n- `TRACKER_API_URL`  \n    This property configures the issue tracker url\n\n#### Octane required configuration\n###### Note that the username and password must be generated for the shared_space and workspace\n\n- `TRACKER_SHARED_SPACE_ID`  \n  This property configures the octane shared space id.\n\n- `TRACKER_WORKSPACE_ID`  \n  This property configures the octane workspace id.\n\n- `TRACKER_API_URL`  \n    This property configures the issue tracker url\n\n#### Logging\nSet the `FORTIFY_ISSUE_MANAGER_LOG_LEVEL` environment variable to configure the log level. Default is `INFO`.\n\n#### Note\nFortify on Demand field filters are specified as follows:  \nField name and value should be separated by a colon (:). Multiple fields should be separated by a plus (+). Multiple fields are treated as an AND condition.  \nExample, `fieldname1:value+fieldname2:value`  \nMultiple values for a field should be separated by a pipe (|).  \nMultiple values for a field are treated as an OR condition.  
\nExample, `fieldname1:value1|value2`\n\n### fortify-issue-manager-cli-image\nThis module builds a Docker image for the command-line interface, potentially allowing for simpler usage in some environments.\n\nHere is an example command specific to Octane:\n\n```\ndocker container run --rm \\\n    -e FORTIFY_GRANT_TYPE=password \\\n    -e FORTIFY_USERNAME=\u003cFortify on Demand username\u003e \\\n    -e FORTIFY_PASSWORD=\u003cFortify on Demand password\u003e \\\n    -e FORTIFY_TENANT=\u003cFortify on Demand tenant\u003e \\\n    -e FORTIFY_SCOPE=\u003cFortify on Demand scope\u003e \\\n    -e FORTIFY_API_URL=\u003cFortify on Demand API URL\u003e \\\n    -e FORTIFY_ISSUE_URL=\u003cFortify on Demand issue URL\u003e \\\n    -e FORTIFY_APPLICATION_IDS=\u003cComma separated list of application ids\u003e \\\n    -e FORTIFY_RELEASE_FILTERS=\u003cDelimited list of release field filters\u003e \\\n    -e FORTIFY_ISSUE_FILTERS=\u003cDelimited list of issue field filters\u003e \\\n    -e TRACKER=\u003cJIRA|OCTANE\u003e \\\n    -e TRACKER_USERNAME=\u003cusername\u003e \\\n    -e TRACKER_PASSWORD=\u003cpassword\u003e \\\n    -e TRACKER_API_URL=\u003cURL\u003e \\\n    -e TRACKER_SHARED_SPACE_ID=\u003cid\u003e \\\n    -e TRACKER_WORKSPACE_ID=\u003cid\u003e \\\n    -e HTTP_PROXY \\\n    -v $(pwd):/wd \\\n    microfocus/fortify-issue-manager \\\n    -s=/wd/getPayload.js\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrofocus%2Ffortify-issue-manager","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmicrofocus%2Ffortify-issue-manager","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmicrofocus%2Ffortify-issue-manager/lists"}