How to scan Apex code
Question
How do I scan Apex code using Fortify?
Answer
To scan your Salesforce application, first retrieve the application's metadata to your local computer using the Ant Migration Tool available from Salesforce. Ensure that all the .cls, .page, .trigger, .object, and .component files have been downloaded; any that are missing will simply be absent from the scan.
Next, scan the application from the command line. This follows the three phases of a Fortify SCA scan, each tied together by the same build ID: clean, translate, and analyze.
Clean:
sourceanalyzer -b <buildid> -clean
Translate:
sourceanalyzer -b <buildid> <source code directory>
Analyze:
sourceanalyzer -b <buildid> -scan -f results.fpr
The file results.fpr will contain your scan results.
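The three phases above, wrapped into a shell function as an added example (this is not part of the original answer or a Fortify-supplied script). It assumes the sourceanalyzer CLI is on PATH (the SOURCEANALYZER variable is a hypothetical override so the function can be exercised against a stub), and before running anything it checks that the checkout actually contains the Apex and Visualforce file types the answer lists, since an empty or wrongly pointed source directory otherwise produces an empty FPR without complaint.

```shell
#!/bin/sh
# Added example, not from the original article: run the Fortify SCA phases
# (clean, translate, analyze) against a Salesforce metadata checkout.
# Assumptions: `sourceanalyzer` is on PATH (SOURCEANALYZER=/path overrides it,
# e.g. for a dry run), and the checkout came from the Ant Migration Tool.

# Count files of the metadata types the scan needs; prints the count.
count_apex_files() {
  dir="$1"
  find "$dir" -type f \( -name '*.cls' -o -name '*.page' -o -name '*.trigger' \
       -o -name '*.object' -o -name '*.component' \) | wc -l | tr -d ' '
}

# Run clean / translate / scan. Arguments: build id, source directory, output .fpr.
# Returns 0 on success, 2 if the directory holds no Apex metadata, 1 if a phase fails.
fortify_scan_apex() {
  build_id="$1"; src_dir="$2"; out_fpr="${3:-results.fpr}"
  sa="${SOURCEANALYZER:-sourceanalyzer}"
  n="$(count_apex_files "$src_dir")"
  if [ "$n" -eq 0 ]; then
    echo "no .cls/.page/.trigger/.object/.component files under $src_dir; retrieve the org first" >&2
    return 2
  fi
  echo "found $n Apex/Visualforce metadata files; build id $build_id"
  # clean: discard intermediate files left from an earlier run with this build id
  "$sa" -b "$build_id" -clean              || return 1
  # translate: parse the sources into the build model
  "$sa" -b "$build_id" "$src_dir"          || return 1
  # analyze: run the analyzers over the model and write the FPR
  "$sa" -b "$build_id" -scan -f "$out_fpr" || return 1
  echo "scan complete: $out_fpr"
}

# Usage: fortify_scan_apex apexbuild ./src results.fpr
```

Keep the build ID constant across the three invocations; the translate and scan phases only see the intermediate files produced under that ID, so a typo in it yields a scan of nothing rather than an error.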