Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backstage Plugin #42

Open
regicsolutions opened this issue Jun 30, 2022 · 3 comments
Open

Backstage Plugin #42

regicsolutions opened this issue Jun 30, 2022 · 3 comments

Comments

@regicsolutions
Copy link

Was wondering if there's any plans to also include Backstage integration? It would be great to have a Backstage plugin similar to the one synk created: https://github.com/snyk-tech-services/backstage-plugin-snyk where scan results can be posted to Backstage providing developers a single pane of glass view into a component.

Backstage: https://backstage.io/docs/overview/what-is-backstage is soon becoming the new Internal Developer Portal standard.
@rsenden
Copy link
Contributor

rsenden commented Aug 2, 2022

FortifyVulnerabilityExporter can export vulnerability data to a variety of file formats that can then be ingested into a target system. I'm not familiar with Backstage; if they provide the ability to ingest vulnerability data from JSON or CSV files, then it should be possible to create a FortifyVulnerabilityExporter configuration that exports vulnerability data to a file format that is compatible with Backstage.

I couldn't find such file import functionality though while having a quick browse through the Backstage documentation; it looks like Backstage would require a Backstage-specific plugin to be developed to import data from Fortify SSC or Fortify on Demand. I'm not aware of any plans for such a plugin, but I'll check internally. If you're an existing Fortify customer, you may also want to check with Fortify Support or your FoD TAM whether there are any such plans.

@Damounet
Copy link

Any news on this topic?

We are using Backstage too and would like to have the Fortify On Demand reports on our backstage app's pages.

@rsenden
Copy link
Contributor

rsenden commented Dec 28, 2023

As mentioned above, I didn't find anything in the Backstage documentation about importing JSON or CSV files with vulnerability data, so FortifyVulnerabilityExporter is not suitable for this integration. Such an integration would likely require a Backstage plugin that connects to FoD/SSC API to retrieve vulnerability data and display this in Backstage. Please submit a feature request through the regular Fortify support channels, or alternatively, engage with Fortify Professional Services to scope the work needed to develop such a plugin.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@regicsolutions @Damounet @rsenden