Application vulnerabilities have become more than just a nuisance in recent years. To get rid of application vulnerabilities before they are deployed, we need to make considerable efforts to integrate security assurance as an essential part of the software application’s lifecycle.
You are a customer or partner of SAP who wants to check your own custom ABAP code for security risks. This topic explains how you can replicate results from ATC check runs into Micro Focus Fortify Software Security Center (in short: Fortify SSC). It focuses on the functionality and the usage of additions to ATC tools that are used for remote Code Vulnerability Analysis (in short: CVA) in Fortify SSC as a third-party tool offering.
Code Vulnerability Analyzer (CVA) is SAP’s static code analyzer. It helps you to identify and fix security vulnerabilities in your ABAP coding.