Thread: Auditing Code - Fortify

On 3/26/2014 12:42 PM, Dev Kumkar wrote:
> Is Fortify supported for PostgreSQL?


why don't you ask the Fortify vendor ?



--
john r pierce                                      37N 122W
somewhere on the middle of the left coast

On 03/27/2014 01:15 AM, Dev Kumkar wrote:
> On Thu, Mar 27, 2014 at 1:36 AM, Dev Kumkar <devdas.kumkar@gmail.com
> <mailto:devdas.kumkar@gmail.com>> wrote:
>
>     On Thu, Mar 27, 2014 at 1:31 AM, John R Pierce <pierce@hogranch.com
>     <mailto:pierce@hogranch.com>> wrote:
>
>         why don't you ask the Fortify vendor ?
>
>
>     Yup, following up with them in parallel.
>     Search didn't gave me any good links, so wanted to check with
>     community too here.
>
>     If not Fortify, is there any other such tool?
>
>     Regards...
>
>
> Awaiting response..
>
> Correct me if this is wrong alias and need to post to this different
> pgsql-ALIAS

Search on:

fortify software database

found:

http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html

This indicates Postgres is not supported.


Search on

fortify open source alternatives

found:

https://www.owasp.org/index.php/Source_Code_Analysis_Tools


--
Adrian Klaver
adrian.klaver@aklaver.com

On 3/27/2014 6:41 AM, Adrian Klaver wrote:
> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/index.html
>
> This indicates Postgres is not supported.

looking over what that tool *does* audit in the plsql and tsql that it
supports is not very reassuring.




--
john r pierce                                      37N 122W
somewhere on the middle of the left coast