The Fortify Hosted SaaS solution is based on Fortify ScanCentral SAST and Fortify ScanCentral DAST architectures.
A Fortify ScanCentral SAST scan is a Fortify Hosted SaaS remote scan and it can be initiated by using:
- Fortify CI/CD integration - plugins, extensions and templates
- Fortify IDE Complete plugin
- Fortify ScanCentral SAST Client CLI
Here you find more details:
- Fortify CI/CD integration - plugins, extensions and templates
- Application Security Integration Ecosystem | CyberRes (microfocus.com)
- AzureDevOps
- Jenkins
- GitHub
- GitLab
- BitBucket
- AWS
- Google Cloud
- Oracle Cloud Infrastructure (OCI)
- Application Security Integration Ecosystem | CyberRes (microfocus.com)
- Fortify IDE Complete plugin
- Eclipse
- About Installing the Eclipse Complete Plugin (microfocus.com)- Fortify_SCA_and_Apps_XX.X.X installation file (provided by the Fortify Hosted team) - <sca_install_dir>/plugins/eclipse directory.
- About Scanning with Fortify ScanCentral SAST (microfocus.com)
-
There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
-
Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (provided by the Fortify Hosted team)
-
the value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as client_auth_token’s value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
-
-
- Visual Studio
- Installation (microfocus.com) - Fortify_SCA_and_Apps_XX.X.X installation file (provided by the Fortify Hosted team)
- About Scanning with Fortify ScanCentral SAST (microfocus.com)
- There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
-
Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (provided by the Fortify Hosted team)
-
the value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as client_auth_token’s value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
- Visual Code
- Fortify Extension for Visual Studio Code - Visual Studio Marketplace
- Performing an Analysis Remotely with Fortify ScanCentral SAST (microfocus.com)
-
There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
-
Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (provided by the Fortify Hosted team)
-
the value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as client_auth_token’s value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
-
-
- JetBrains (IntelliJ IDEA, AndroidStudio, PyCharm, WebStorm)
- Installing the Fortify Analysis Plugin (microfocus.com)- Fortify_SCA_and_Apps_XX.X.X installation file (provided by the Fortify Hosted team) - <sca_install_dir>/plugins/IntelliJAnalysis directory.
- Scanning with Fortify ScanCentral SAST (microfocus.com)
-
There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
-
Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (provided by the Fortify Hosted team)
-
the value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as client_auth_token’s value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
-
-
- Eclipse
- Fortify ScanCentral SAST Client CLI
- Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (provided by the Fortify Hosted team)
- the value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as client_auth_token’s value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
- Submitting Scan Requests (microfocus.com) by using a Fortify SSC CIToken (SSC API Token Best Practices – Micro Focus (cyberreshelp.com)) for uploading the SAST results to Fortify SSC
- Fortify ScanCentral SAST Command-Line Options (microfocus.com)
- Example 1 (no build tool integration): scancentral -url https://scsastctrl.xxxxx.fortifyhosted.com/scancentral-ctrl/start -bt none -upload -uptoken 26ba1667-53f8-4ab7-8419-1dcaec5ef728 --application eightball_tam_test --application-version 1
- Example 2 (maven build tool integration): scancentral -url https://scsastctrl.xxxxx.fortifyhosted.com/scancentral-ctrl/start -bt mvn -upload -uptoken 26ba1667-53f8-4ab7-8419-1dcaec5ef728 --application eightball_tam_test --application-version 1
- Fortify ScanCentral SAST Command-Line Options (microfocus.com)
- Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (provided by the Fortify Hosted team)