You can download Fortify from https://www.fortify.com/ or other places.
Note: this is commercial software and requires a license.
Run the exe and click Next through the installer steps, then OK. Once it is installed, run Audit Workbench.
No rulepacks are present after installation, so you need to download the rules as follows:
Menu: Options -> Options -> Server Configuration. Under Rulepack Update Configuration, set the Proxy Server.
Then click Rulepack Management, click Update Rulepacks to get the rules, and then click OK.
You can do a quick scan by clicking Scan Java Project. I prefer to use the Advanced Scan, as you can choose what you need yourself.
Click Advanced Scan, choose the project source code in the popup window, then click OK.
Add the jars that the project depends on so they are included in the scan. Then click OK.
Choose the JDK version that matches the project. Then click the Next> button.
Click the Configure Rulepacks … button, select the rules and click OK. Then click the Next> button.
Set these values for the scan, then click the Run scan button, and wait hours…
4 Get Result
After the scan finishes, the results are displayed.
Get the report by clicking the Reports button.
Note: every issue in the scan result needs to be verified by the developers to confirm whether it is really an issue.
5 Resources