Description
Sehr geehrte Damen und Herren,für unseren Kunden suchen wir einen Business Consultant (m/w) für den Bereich Automation of Fortify Scans.
Major goal of all the changes are automation of the Fortify scans on the Jenkins CI server which the full integration of the server processing and automated evaluation.
Prio 1
1. Scans take time. Fortify SSC processing takes a variable amount of time. The processing status should be displayed on the dashboard Fortify plugin on Jenkins. Dashboard should always updated results when processing finishes. This should take cloud worker configurations into account.
2. Scans uploaded from Fortify Jenkins plugin to the Fortify SSC to two specific templates should be approved automatically in case when there are too many differences to the previous scan
3. The dashboard of the Fortify Jenkins plugin should show details and recommendations as we see them in e.g. Fortify Eclipse plugin for each issue
4. Scans uploaded to a specific Fortify project template should automatically trigger Audit Assistant processing. The Audit Assistant results and the Fortify Priority value should be used to move the issues in predefined folders.
Prio 2
5. The Fortify Jenkins plugin should be able to analyse the configuration of the Jenkins project (e.g. Maven or normal Projects) to be able to run a Fortify scan with nearly zero configuration parameters including cloud worker usage. When cloud workers are used the scan should not block the build from finishing to free the processing power of the Jenkins node.
6. The Fortify Jenkins plugin allows configuration of a Fortify Application/Version. The view to the list of versions should be limited to the rights of a given fortify user.
7. Fortify Jenkins Plugin should be able to trigger and download a custom report from the server
Prio 3
8. Change a custom Fortify report to add OWASP 2017 Top 10 and OWASP mobile standard to the selection parameters of the report.
9. Perform very small optional changes in the customer Report.
Prio 4
10. Block uploads on Fortify SSC which go to application versions older than 3 month (date coded in the application version name by YYYY-MM-DD …
11. Delete all old reports from the Fortify SSC which use not the custom Report template.
12. Fix a bug in the custom report.
Anforderungen:
- Sehr gute Kenntnisse in Jenkins
- Sehr gute Kenntnisse im Umgang mit Maven
- Kenntnisse mit Fortify
Einsatzort
Bonn
Arbeitsbeginn
19.03.2018
Arbeitsende
30.04.2018
Anzahl gesuchter Berater:
1
Kurz zu uns: IPSWAYS ein renommierter Dienstleister für die Rekrutierung und das Management von IT-Personal. Durch unsere intensiven Kontakte zu Unternehmen aller Branchen und Größen erfahren wir von vielen interessanten IT-Projekten und können Ihnen so Zugang zu reizvollen Projekten bieten und attraktive Angebote unterbreiten.
Bei Interesse senden Sie uns doch einfach Ihr Profil im Word-Format oder als pdf unter Angaben Ihres bestmöglichen all in Stundensatz an
Für Fragen stehen wir Ihnen selbstverständlich gerne zur Verfügung.
Mit freundlichen Grüssen
Giulia D’Angelo
Partner-Management
Ipsways – IPS Projects GmbH
Fon:
Email: