Fortinet black logo

User Guide

23.1.a
24.1.a
24.1.0
23.4.a
23.4.0
23.3.0
23.2.a
23.2.0
23.1.a
23.1.0
22.4.a
22.4.0
22.1.0

Automated Application Scanning

Automated Application Scanning

This tutorial aims to automate a security scan on your application in a CI/CD environment. Ensure that the Prerequisite is met, see section Scanning an Application for more details.

Adding a New Application

Login into the FortiDevSec portal and add a new application for your organization.

  1. Click on the New Application tab and enter the application name.
  2. Click Next and the App Setup information is displayed, download the fdevsec.yaml file from the application page.

You can optionally configure the risk ratings for your application. See section Adding a New Application for detailed procedure.

Integrating the fdevsec.yaml

Integrate the fdevsec.yaml into your CI/CD as defined in the next step (based on the CI/CD tool). This tutorial uses only the mandatory parameters in the configuration file, you can add optional (advanced) parameters to make your scan more precise.

The application languages are automatically detected and FortiDevSec runs the appropriate scans.

See section Configuring the Scanner (fdevsec.yaml) for detailed procedure.

CI/CD Configurations

Integrate scan configurations into your CI/CD tool. See Running the Security Scan.

Viewing the Scan Result

The dashboard of the FortiDevSec portal lists the applications, click on your application to view and analyze comprehensive details of the detected vulnerabilities.

See section Viewing the Scan Result for more details.

Previous
Next

Automated Application Scanning

This tutorial aims to automate a security scan on your application in a CI/CD environment. Ensure that the Prerequisite is met, see section Scanning an Application for more details.

Adding a New Application

Login into the FortiDevSec portal and add a new application for your organization.

  1. Click on the New Application tab and enter the application name.
  2. Click Next and the App Setup information is displayed, download the fdevsec.yaml file from the application page.

You can optionally configure the risk ratings for your application. See section Adding a New Application for detailed procedure.

Integrating the fdevsec.yaml

Integrate the fdevsec.yaml into your CI/CD as defined in the next step (based on the CI/CD tool). This tutorial uses only the mandatory parameters in the configuration file, you can add optional (advanced) parameters to make your scan more precise.

The application languages are automatically detected and FortiDevSec runs the appropriate scans.

See section Configuring the Scanner (fdevsec.yaml) for detailed procedure.

CI/CD Configurations

Integrate scan configurations into your CI/CD tool. See Running the Security Scan.

Viewing the Scan Result

The dashboard of the FortiDevSec portal lists the applications, click on your application to view and analyze comprehensive details of the detected vulnerabilities.

See section Viewing the Scan Result for more details.

Previous
Next