Has anyone integrated going from SonarQube to Fortify SSC? We are using dependency-check SCA scanning in SonarQube. I would like to send our SonarQube data to Fortify SSC. We are using SSC as our centralized vulnerability repository.
SonarQube and its prime integrations are documented on https://docs.sonarqube.org (i.e. Jenkins, GitHub, GitLab, Bitbucket, Azure DevOps, etc.), but we don’t have any expertise on Fortify SSC or how to centralize reports in Fortify SSC.
We don’t restrict what you do with the data that you own, so you are welcome to send your SonarQube project analyses, reports, metrics, etc. to Fortify SSC as you need.