fcli tool: Consider adding additional definitions for [WI Login Macro Recorder, Audit Workbench, Sample Vulnerable Projects, ABAP Extractor] #597

Open
MikeTheSnowman opened this issue Sep 14, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@MikeTheSnowman
Collaborator

Enhancement Request

Apologies for bundling multiple requests into one ER. Please let me know if you'd like me to close this and create multiple ERs.

This enhancement request title is pretty self-explanatory, but some tools do have higher priority IMO and I'll explain my thoughts in case someone thinks otherwise.

  • WI Login Macro Recorder: I think this one is a higher priority item. For both SC-DAST and FoD, users will need the ability to generate either a Login/Workflow macro in order to run a scan. Although this is currently only supported on Windows, I still think it's worth adding in a tool definition for this to lower the barriers for users to run their scans and to update their existing scans with new macros when needed.

  • Audit Workbench: This is a medium priority tool because fcli has no FPR auditing capabilities, so being able to download a tool that can audit FPRs will be nice. Although access to AWB is guarded behind a pay-wall, FoD users currently have the ability to download AWB via FoD's tools page. Customers won't be able to use AWB if they don't have a valid Fortify license, which is the same behavior as our easy-to-download Fortify Security Assistant IDE plugin, so I don't see a big difference there. Plus, AWB is available for Windows, Linux, and MacOS, which is nice.

  • Sample Vulnerable Projects: This is a low priority item IMO. Although this is not a "tool", I can definitely see scenarios where users will want quick and easy access to some sample projects, with a known set of vulnerabilities, to perform a number of different activities like: Doing a test scan on SC-SAST/FoD, accessing a sample project for custom rule/filter/issue-template/report development, testing Fortify Security Assistant, and more.

  • ABAP Extractor: This is a low priority tool in my opinion. I imagine that there aren't many Fortify customers who are scanning their ABAP code. And given that you need the SAP GUI to even install and run the extractor, I see little opportunity to fully automate ABAP scans (but please correct me if I'm wrong here). Again though, I still think it would be nice being able to use fcli to download the ABAP extractor.

@MikeTheSnowman MikeTheSnowman added the enhancement New feature or request label Sep 14, 2024