DevOps Pipeline (5), Setup from Clone with Fortify

Since Microsoft introduced Azure in 2010, we have changed our computing habits a lot, basically from local or on-premises to the cloud. This is a huge change and a huge leap. Looking back, we did have a lot of experience, directly or indirectly, working on or related to Azure or the associated DevOps.

  1. In 2011, I participated in a project in the health care field, a huge project with 10 terabytes of data in production and 5000 database transactions per second at peak time. We had 200 developers involved in this project, divided into 20 Agile feature teams. We used TFS Server, which automatically built the app whenever anyone checked in any changes to the server. At that time, it might not have been Azure DevOps, but the operation was somewhat similar, with the concepts of CI (Continuous Integration) and CD (Continuous Deployment).
  2. I had worked on a project where the client wanted to move all current apps from the on-premises TFS Server into DevOps Cloud, with Git as source control management. We worked with MS Pipeline intensively.
  3. In another project, with Fortify Scanning (security scanning), we needed to set up an Azure Pipeline for the automation process, with Fortify as a core functionality.
  4. In recent years, more and more companies have moved or are moving to the cloud, such as Azure, associated with DevOps and Pipelines.

All of them require us, even as developers, to be familiar with Azure and DevOps. I had an article series about Source Control (Repos); this series is about Pipelines. The style of this article series is similar to the Repos series: these are not system summaries, introductions, or learning notes; these are just a gathering of what I have experienced and, I assume, understood, shared with myself and you. The following are the topics I have now and will complete within days or weeks. Later on, I will add more material according to new experience or summary.

Introduction

This article's topic is setting up a pipeline with Fortify Scanning from a clone. The following is the content of this article:

  • Introduction
  • Setup from Clone with Fortify

Setup from Clone with Fortify

When we have an existing pipeline and want to use it as a base or sample to build a new one, and the original pipeline is in the same group, we can easily use clone to make the new one. For how to clone a pipeline, see the article DevOps Pipeline (2), Import/Export and Clone. Here we discuss the setup procedure of the new pipeline associated with Fortify Scanning.

Pipeline

  • Give the pipeline name
  • Choose the Agent Pool

Get Sources

  • Choose the sources from Source Control, either DevOps Repos or TFS (here we use TFS)
  • Map the server path to a local path (local here means the server that builds the project)

Agent Job 1

  • Choose Agent Name
  • Choose Agent Pool

NuGet Restore

Build Solution

Copy Files to

Run Build Script

Nexus IQ policy evaluation

  • This runs the Sonatype scan
  • Need to set up login

Run Fortify on Main

  • Fortify Static Security Scanning

Run WebInspect Web Site Script:

  • Dynamic scanning
  • Mainly used for web apps
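
One way the "Run Fortify on Main" step can be scripted as an inline PowerShell task, added here as an example and not taken from the author's pipeline. It assumes Fortify SCA's `sourceanalyzer` is on the agent's PATH; the solution name `MyApp.sln`, the build session name and the artifact folder name are placeholders.

```powershell
# Added example: Fortify SCA clean / translate / scan for one solution.
# Assumptions: sourceanalyzer is on PATH; MyApp.sln is a placeholder name.

$buildId  = "main-$env:BUILD_BUILDID"   # Fortify build session name (constructed)
$solution = Join-Path $env:BUILD_SOURCESDIRECTORY 'MyApp.sln'
$fpr      = Join-Path $env:BUILD_ARTIFACTSTAGINGDIRECTORY "$buildId.fpr"

function Invoke-Sca {
    param([string]$Phase, [string[]]$ScaArgs)
    Write-Host "Fortify ${Phase}: sourceanalyzer $($ScaArgs -join ' ')"
    & sourceanalyzer @ScaArgs
    if ($LASTEXITCODE -ne 0) {
        # Surface the failure in the pipeline log and fail the step.
        Write-Host "##vso[task.logissue type=error]Fortify $Phase failed (exit code $LASTEXITCODE)"
        exit $LASTEXITCODE
    }
}

# 1. Clean: drop intermediate files left by an earlier run of this session name.
Invoke-Sca 'clean' @('-b', $buildId, '-clean')

# 2. Translate: wrap MSBuild; /t:Rebuild forces every project to recompile,
#    so all sources are translated and not only the changed ones.
Invoke-Sca 'translate' @('-b', $buildId, 'msbuild', $solution, '/t:Rebuild')

# 3. Scan: analyze the translated code and write the results file (FPR).
Invoke-Sca 'scan' @('-b', $buildId, '-scan', '-f', $fpr)

# A scan that produced no results file must not be read as a clean scan.
if (-not (Test-Path $fpr)) {
    Write-Host "##vso[task.logissue type=error]Fortify scan produced no FPR at $fpr"
    exit 1
}

# Attach the FPR to the build so the findings can be reviewed.
Write-Host "##vso[artifact.upload containerfolder=fortify;artifactname=fortify]$fpr"
```

Because each phase checks the exit code, a broken translation stops the build instead of producing an empty or partial scan that looks clean.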
