The Fortify Hosted SaaS solution is based on Fortify ScanCentral SAST and Fortify ScanCentral DAST architectures.
A Fortify ScanCentral SAST scan is a Fortify Hosted SaaS remote scan. It can be initiated by using any of the following:
- Fortify CI/CD integration - plugins, extensions and templates
- Fortify IDE Complete plugin
- Fortify ScanCentral SAST Client CLI (payload package + scan start)
- Fortify ScanCentral SAST Client CLI (payload package only) + Fortify CLI (scan start)
More details on each option:
- Fortify CI/CD integration - plugins, extensions and templates
  - Application Security Integration Ecosystem
    - Azure DevOps
    - Jenkins
    - GitHub
    - GitLab
    - Bitbucket
    - AWS
    - Google Cloud
    - Oracle Cloud Infrastructure (OCI)
- Fortify IDE Complete plugin
  - Eclipse
    - About Installing the Eclipse Complete Plugin (microfocus.com) - Fortify_SCA_and_Apps_XX.X.X installation file (available in the Fortify Hosted Support Hub) - <sca_install_dir>/plugins/eclipse directory.
    - About Scanning with Fortify ScanCentral SAST (microfocus.com)
    - There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
      - Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (available in the Fortify Hosted Support Hub).
      - The value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as the client_auth_token value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
  - Visual Studio
    - Installation (microfocus.com) - Fortify_SCA_and_Apps_XX.X.X installation file (available in the Fortify Hosted Support Hub).
    - About Scanning with Fortify ScanCentral SAST (microfocus.com)
    - There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
      - Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (available in the Fortify Hosted Support Hub).
      - The value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as the client_auth_token value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
  - Visual Studio Code
    - Fortify Extension for Visual Studio Code - Visual Studio Marketplace
    - Performing an Analysis Remotely with Fortify ScanCentral SAST (microfocus.com)
    - There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
      - Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (available in the Fortify Hosted Support Hub).
      - The value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as the client_auth_token value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
  - JetBrains (IntelliJ IDEA, Android Studio, PyCharm, WebStorm)
    - Installing the Fortify Analysis Plugin (microfocus.com) - Fortify_SCA_and_Apps_XX.X.X installation file (available in the Fortify Hosted Support Hub) - <sca_install_dir>/plugins/IntelliJAnalysis directory.
    - Scanning with Fortify ScanCentral SAST (microfocus.com)
    - There is another token (client_auth_token) to set up in your Fortify ScanCentral client installation.
      - Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (available in the Fortify Hosted Support Hub).
      - The value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as the client_auth_token value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
- Fortify ScanCentral SAST Client CLI (payload package + scan start)
  - Installing ScanCentral SAST Clients (microfocus.com) – Fortify_ScanCentral_Client_XX.X.X_x64.zip (available in the Fortify Hosted Support Hub).
    - The value of the scSastClientAuthToken (provided by the Fortify Hosted team) needs to be used as the client_auth_token value in the Fortify_ScanCentral_Client_XX.X.X_x64\Core\config\client.properties file.
  - Submitting Scan Requests (microfocus.com) by using a Fortify SSC CIToken (SSC API Token Best Practices – Micro Focus (cyberreshelp.com)) for uploading the SAST results to Fortify SSC
    - Fortify ScanCentral SAST Command-Line Options (microfocus.com)
      - Example 1 (no build tool integration):
      - Example 2 (Maven build tool integration):
- Fortify ScanCentral SAST Client CLI (payload package only) + Fortify CLI (scan start)
  - 1_SET VARIABLES - Fortify Command Line Interface (FCLI): The universal Fortify CLI
    - set FCLI_DEFAULT_SSC_URL=https://xxx.xxx.xxx.xxx/
    - set FCLI_DEFAULT_SSC_USER=userxxx
    - set FCLI_DEFAULT_SSC_PASSWORD=xxx
    - set FCLI_DEFAULT_SSC_CI_TOKEN=xxx-xxx-xxx-xxx-xxx
    - set FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN=xxx
    - set SSC_APPLICATION_NAME=xxx
    - set SSC_APPLICATION_VERSION=xxx
  - 2_SSC LOGIN - Fortify Command Line Interface (FCLI): The universal Fortify CLI
    - fcli ssc session login
  - 3_SAST PAYLOAD PACKAGING WITH SCANCENTRAL
    - Example (package without build integration): scancentral package -bt none -o package.zip
    - Example (package with Maven integration): scancentral package -bt mvn -o package.zip
  - 4_FCLI SAST SCAN START - Fortify Command Line Interface (FCLI): The universal Fortify CLI
    - fcli sc-sast scan start --package-file=package.zip --appversion=%SSC_APPLICATION_NAME%:%SSC_APPLICATION_VERSION%
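
The client.properties token setup and steps 1 to 4 above, combined into one wrapper as an added example (not Fortify's own script). It assumes a POSIX shell on a Linux build agent rather than the Windows `set` syntax shown above, with the seven variables injected by the CI secret store; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: POSIX-shell wrapper around steps 1-4 (assumes a Linux build agent).
# Secrets are expected in the environment, e.g. injected by the CI secret store.

# The seven variables that step 1 sets.
REQUIRED_VARS="FCLI_DEFAULT_SSC_URL FCLI_DEFAULT_SSC_USER FCLI_DEFAULT_SSC_PASSWORD
FCLI_DEFAULT_SSC_CI_TOKEN FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN
SSC_APPLICATION_NAME SSC_APPLICATION_VERSION"

# Print the names (never the values) of required variables that are unset or empty.
missing_vars() {
    missing=""
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || missing="$missing $name"
    done
    printf '%s' "${missing# }"
}

# Write client_auth_token into client.properties: replace any existing entry,
# keep the other lines, and leave the file readable by its owner only.
set_client_auth_token() {
    props=$1
    token=$2
    [ -n "$token" ] || { echo "client auth token is empty" >&2; return 1; }
    [ -f "$props" ] || { echo "not found: $props" >&2; return 1; }
    tmp="$props.tmp.$$"
    (
        umask 077
        grep -v '^[[:space:]]*client_auth_token[[:space:]]*=' "$props" > "$tmp" || true
        printf 'client_auth_token=%s\n' "$token" >> "$tmp"
    )
    mv "$tmp" "$props"
}

# Steps 2-4 with the page's commands; $1 is the build tool (none or mvn).
run_scan() {
    missing=$(missing_vars)
    [ -z "$missing" ] || { echo "unset variables: $missing" >&2; return 1; }
    fcli ssc session login &&
    scancentral package -bt "${1:-none}" -o package.zip &&
    fcli sc-sast scan start --package-file=package.zip \
        --appversion="$SSC_APPLICATION_NAME:$SSC_APPLICATION_VERSION"
}

# Run only when asked to, e.g.: sh fortify_scan.sh scan mvn
[ "${1:-}" != "scan" ] || run_scan "${2:-none}"
```

Because the token is written with `printf` instead of being substituted into a `sed` expression, its characters are never interpreted as a pattern, and the error messages only ever name variables, so no secret reaches the build log.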