Microfocus Fortify Security Scan Support - Fortify Scan in GitLab Security/Vulnerability Dashboard
A customer has reached out and emphasized that if they could get Security Scans from Fortify into GitLab, they could further the adoption of the GitLab software within their agency for their customers. They have also mentioned that this could potentially displace other software vendors and save them money. This customer and their customers are forced to use Fortify to comply with Security mandates as it currently stands. They have requested that we consider looking at supporting Fortify Scans within GitLab.
Other Info
I looked to see if there is anyone in Alliances to reach out to on this topic, and apparently the Alliance Manager that was assigned to MicroFocus left and we are working to fill the gaps. In the meantime, see this: https://gitlab.slack.com/archives/CBMQE38E5/p1621019708282700 (FYI: @pete_goldberg and @mlebeau)
The Alliances page is here: https://gitlab.com/gitlab-com/alliances/fortify-micro-focus/fortify-public-tracker
I also reached out to our Professional Services team (CC: @juliebyrne) to engage them on this, as @MarcKriz and I felt they would be most interested in a quick win (with PS converter from FPR to JSON); however, they are more interested in a long-term company partnership. They had concerns around future support as Microfocus updates their products and FPR output changes and the JSON converter script breaks. They would have to maintain the O&M on this.
I believe this would be a great feature to implement into GitLab because customers who want this support would be looking to use the Security Dashboard, which means they would be Ultimate Customers already. This integration could/should be an Ultimate feature of GitLab, and I think it would help to drive further adoption of GitLab, especially within the USA Public Sector.
FYI -- @cdmaurer13 and @jkrooswyk