Bill Daley (BILLDALEY)
US Bank
Software Engineering Manager
US Bank
BILLDALEY Member since 2012 9 posts
US Bank
Posted: October 15, 2020
Last activity: October 15, 2020
Posted: 15 Oct 2020 11:02 EDT
Last activity: 15 Oct 2020 13:47 EDT

Integrating with external code scanners

Our enterprise requires that all application code be reviewed for security vulnerabilities.  It is preferred that code scanning tools like Fortify be used.  Pega code traditionally has not allowed for such tools due to the way code is stored and structured.  When compiled, I know it is ultimately Java code, but it isn't stored in the database in that form.  Due to not having this capability, we are forced to do manual code reviews which takes a lot of time.

Is it possible to allow any external tools to scan Pega code?

If no, is there any plan to move in that direction?

***Edited by Moderator Marissa to update Platform Capability tags****
Pega Platform 8.4 DevOps Data Integration Financial Services Lead System Architect