Fortify Static Code Analyzer is developed by Micro Focus which finds security vulnerabilities in the user’s source code duing early SDLC and provides best practices so developers can code more securely. Fortify Static code analyzer and its plugins are really outstanding compared to other solution. Fortify easily integrates into Visual Studio, code, eclipse, intelliJ and Android Studio.
How to Install Fortify Static Code Analyzer Component Application
To Install the Fortify Static Code Analyzer, you need to visit the Download page from the Microfocus. This website will ask you to sign up or log in to download any package.
Steps to Install if you have GUI access to your OS
STEP 1: Run the downloaded Installer based on your operating system.
Windows – Fortify_SCA_and_Apps_windows_x64.exe MacOS – Fortify_SCA_and_Appsosx_x64.app.zip Linux – Fortify_SCA_and_Apps_linux_x64.run
STEP 2: Follow the On-screen Instruction
STEP 3: Optionally, you can select the additional components mentioned in above topic.
STEP 4: Specify the USER for the installation.
STEP 5: Specify the path of the fortify.license file. (This you need to purchase)
STEP 6: Mention the URL Address of the Update Server. for example . https://update.fortify.com. This will update the Rules on regular basis.
STEP 7: Click Finish at the end
Fortify Static Code Analyzer Interview Questions and Answers
Q.1 The number of analyzers in Fortify SCA is _.
1)4
2)5
3)6
4)7
Correct Answer of above question is:6
Q.2 Which of the following languages does Fortify integrate with?
1)Python
2)C/C++
3)Java
4).Net
5)All the above options
Correct Answer of above question is:All the above options
Q.3 Fortify specializes in which of the following areas?
1)Bug finding
2)Type checking
3)Security review
4)Style checking
5)All the above options
Correct Answer of above question is:All the above options
Q.4 Formatting String can be done by __ .
1)Buffer
2)Configuration Analyzer
3)Structural Analyzer
4)Semantic Analyzer
Correct Answer of above question is:Semantic Analyzer
Q.5 Static code analysis is done after executing a code.
1)True
2)False
Correct Answer of above question is:False
Q.6 Which analyzer identifies loggers that are not declared a static final?
1)Structural
2)Configuration
3)Buffer Analyzer
4)Content
Correct Answer of above question is:Structural
Q.7 Source code is translated to intermediate format in which phase?
1)Build
2)Verification
3)Translation
4)Analysis
Correct Answer of above question is:Translation
Q.8 SCA processes JAVA code by emulating Compiler in __.
1)Build Integration tool
2)Command Line Interface
3)All the options
4)None of the Mentioned
Correct Answer of above question is:Build Integration tool
Q.9 Which analyzer uses the global and inter-procedural taint propagation analysis procedure?
1)Data flow
2)Buffer overflow
3)Control flow
4)Semantic
Correct Answer of above question is:Data flow
Q.10 Audit Workbench generates reports.
1)Secure
2)Collaborative work
3)Resolving Dependencies
4)All the options
Correct Answer of above question is:All the options
Q.11 Dynamic content in PHP and JSP can be checked by?
1)Configuration Analyzer
2)Semantic Analyzer
3)Content Analyzer
4)Structural Analyzer
Correct Answer of above question is:Content Analyzer
Q.12 How is incremental scanning done?
1)Only the initial full scan is done
2)Only the modified part of the code is scanned after the initial full scan
3)Scans the entire code always
Correct Answer of above question is:Only the modified part of the code is scanned after the initial full scan
Q.13 In what file format are reports stored?
1).docx
2).fpr
3).pdf
Correct Answer of above question is:.fpr
Q.14 Fortify was acquired by?
1)Cisco
2)HP
3)Oracle
4)None of the options
Correct Answer of above question is:HP
Q.15 Which analyzer inspects fair timeouts of a user in a specific session?
1)Buffer Analyzer
2)Structural
3)Content
4)Configuration
Correct Answer of above question is:Configuration
Q.16 The translation phase of C/C++ code in Fortify requires object files and library files.
1)True
2)False
Correct Answer of above question is:False
Q.17 A BuildID need not be unique.
1)True
2)False
Correct Answer of above question is:False
Q.18 Fortify cannot be integrated with Jenkins.
1)True
2)False
Correct Answer of above question is:False
Q.19 Semantic analyzer works in which of the following?
1)Intra-procedural Level
2)Inter-procedural Level
Correct Answer of above question is:Intra-procedural Level
