Introduction This is the second part of a two-part blog series describing one method to display Fortify scan results in SonarQube. This blog describes the process to convert the Fortify scan results and display them in SonarQube. For an overview of the entire process, and a detailed description of generating the Fortify SCA results, see […]
I was lucky enough to speak at AgileDC 2017 and present my experience report on the Agile DevOps Transformation I have been a part of at Housing and Urban Development. In this presentation, I go over the theories of DevOps, how we intended to put these theories into practice, and how we actually put these […]
I know what you’re thinking…what happened to the 2016 release? Well, 2016 was an interesting year, and unfortunately we weren’t able to get out a mid-year release, and our Q4 release got pushed to Q1 of this year. But, finally, an updated version of SecureCI™ is here! So, what can you expect from this release? Upgrades First and […]
I recently was put on a project where we are doing development for a website. There was already a large code, and we went in to add features in order to complete the site, and perform code refactoring when necessary. In order to accomplish this successfully, we decided to follow the SecureAgileTM, which involves ensuring […]
Sonar is a tool to analyze and visualize code quality in Java projects. It isn’t a static code analysis tool itself, rather it uses a number of open source tools to analyze the code, then Sonar gathers the metrics. Its strength is in providing a dashboard, trend reports, and drill downs to help visualize the state […]
