{"id":48435588,"url":"https://github.com/ptkvaibhav/opentext-application-security-parser-burp","last_synced_at":"2026-04-06T13:00:28.800Z","repository":{"id":281603569,"uuid":"945780460","full_name":"ptkvaibhav/opentext-application-security-parser-burp","owner":"ptkvaibhav","description":"An enterprise-grade Fortify Software Security Center (OpenText Application Security) plugin to ingest, parse, and visualize PortSwigger Burp Suite XML scan results.","archived":false,"fork":false,"pushed_at":"2026-04-02T19:16:27.000Z","size":135473,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-03T04:40:40.661Z","etag":null,"topics":["burp-suite","burpsuite","burpsuitepro","fortify","fortify-api","fortify-integration","fortify-parser-plugin","fortify-ssc","gradle","java","opentext","opentext-sast","parser","plugin","security","ssc","vulnerability-management","vulnerability-management-platform"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ptkvaibhav.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-03-10T05:40:17.000Z","updated_at":"2026-04-02T19:16:32.000Z","dependencies_parsed_at":"2025-03-10T07:22:39.899Z","dependency_job_id":"b55e7dcd-20c9-474a-bffd-bed6c27dbaa3","html_url":"https://github.com/ptkvaibhav/opentext-application-security-parser-burp","commit_stats":null,"previous_names":["ptkvaibhav/burp_to_fortify_parser","ptkvaibhav/opentext-application-security-parser-burp"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ptkvaibhav/opentext-application-security-parser-burp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptkvaibhav%2Fopentext-application-security-parser-burp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptkvaibhav%2Fopentext-application-security-parser-burp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptkvaibhav%2Fopentext-application-security-parser-burp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptkvaibhav%2Fopentext-application-security-parser-burp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ptkvaibhav","download_url":"https://codeload.github.com/ptkvaibhav/opentext-application-security-parser-burp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ptkvaibhav%2Fopentext-application-security-parser-burp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31473271,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T08:36:52.050Z","status":"ssl_error","status_checked_at":"2026-04-06T08:36:51.267Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp-suite","burpsuite","burpsuitepro","fortify","fortify-api","fortify-integration","fortify-parser-plugin","fortify-ssc","gradle","java","opentext","opentext-sast","parser","plugin","security","ssc","vulnerability-management","vulnerability-management-platform"],"created_at":"2026-04-06T13:00:18.220Z","updated_at":"2026-04-06T13:00:28.783Z","avatar_url":"https://github.com/ptkvaibhav.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fortify SSC Burp Suite Parser Plugin\n\n![Build Status](https://github.com/ptkvaibhav/opentext-application-security-parser-burp/actions/workflows/ci.yml/badge.svg)\n![License](https://img.shields.io/badge/License-MIT-blue.svg)\n![Java](https://img.shields.io/badge/Java-17-orange)\n![Fortify](https://img.shields.io/badge/Fortify_SSC-19.x+-brightgreen)\n\nAn enterprise-grade custom parser plugin for Fortify Software Security Center (OpenText Application Security). This plugin enables seamless ingestion, parsing, and visualization of PortSwigger Burp Suite XML scan results directly within the Fortify SSC dashboard.\n\n## 📖 Overview\n\nFortify SSC relies on external plugins to support third-party security tools. This plugin implements the modern Fortify Plugin SPI (v1.2.2320.0), bridging the gap between Burp Suite's dynamic analysis exports and Fortify's centralized vulnerability management.\n\n**Key Features:**\n- **Deterministic ID Generation:** Uses SHA-256 hashing of Issue Name, Host, Path, and Location to ensure vulnerability IDs remain stable across subsequent scans, preventing duplicates.\n- **Rich Attribute Mapping:** Custom attributes ensure that Burp-specific data (e.g., Confidence, Issue Background, Remediation Detail) is fully visible in SSC.\n- **Custom View Template:** Includes a tailored UI template (`burp-view.json`) that organizes issue details cleanly within the SSC interface.\n- **Enterprise CI/CD:** Fully integrated GitHub Actions workflow for automated testing, linting (Checkstyle), and build packaging.\n\n## 🚀 Getting Started\n\n### Prerequisites\n- **Java:** JDK 17.\n- **Build Tool:** Gradle 9.4.1.\n- **Fortify SSC:** Version 19.x or later (fully compatible with 25.4.0).\n- **Burp Suite:** Export capabilities to XML.\n\n### Building the Plugin\n\nThe project uses the Gradle Shadow plugin to create a \"Fat JAR\" required by Fortify.\n\n```bash\n# Clone the repository\ngit clone https://github.com/ptkvaibhav/opentext-application-security-parser-burp.git\ncd opentext-application-security-parser-burp\n\n# Build the Fat JAR\n./gradlew clean build shadowJar\n```\n\nThe resulting deployment artifact will be located at:\n`build/libs/fortify-ssc-parser-burp-1.0.0.jar`\n\n## ⚙️ Installation \u0026 Usage\n\n### 1. Install into Fortify SSC\n1. Log in to your Fortify SSC instance with Administrator privileges.\n2. Navigate to **Administration \u003e Plugins \u003e Parsers**.\n3. Click **Add** and upload the `fortify-ssc-parser-burp-1.0.0.jar` file.\n4. **Important:** After uploading, locate the \"Burp Suite Parser Plugin\" in the list and click **Enable**.\n\n### 2. Uploading Scan Results\nFortify SSC requires uploaded artifacts to specify their engine type.\n\n1. Export your Burp Suite scan results in **XML format** (e.g., `burp-results.xml`).\n2. Create a plain text file named `scan.info` in the same directory as your XML file.\n3. Add the following exact line to `scan.info`:\n   ```text\n   engineType=BURP\n   ```\n4. Create a ZIP archive (e.g., `results.zip`) containing both `burp-results.xml` and `scan.info`.\n5. Upload `results.zip` to your chosen Application Version in Fortify SSC.\n\n## 🛠️ Development \u0026 Architecture\n\n- **`BurpParserPlugin.java`**: The main entry point implementing `ParserPlugin\u003cT\u003e`. Handles generic scan mapping and iteration.\n- **`BurpItems.java` / `BurpItem.java`**: Jackson XML data models representing the Burp export structure.\n- **`BurpVulnerabilityAttribute.java`**: Enum defining custom fields presented in the SSC UI.\n\n### Code Quality\nThe project enforces strict code quality standards:\n- **Linting:** Run `./gradlew checkstyleMain` to ensure code meets format requirements.\n- **Testing:** Run `./gradlew test` to execute JUnit 5 and Mockito tests.\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guidelines](CONTRIBUTING.md) for details on how to submit pull requests, report issues, and suggest features.\n\nPlease also adhere to our [Code of Conduct](CODE_OF_CONDUCT.md).\n\n## 🛡️ Security\n\nFor information on supported versions and how to report vulnerabilities, please refer to our [Security Policy](SECURITY.md).\n\n## 📄 License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n\n## 💬 Support\n\nIf you need help or have questions, please check out our [Support Guide](SUPPORT.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fptkvaibhav%2Fopentext-application-security-parser-burp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fptkvaibhav%2Fopentext-application-security-parser-burp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fptkvaibhav%2Fopentext-application-security-parser-burp/lists"}