The Fortify Hosted SaaS solution is based on Fortify Scan Central SAST, Fortify ScanCentral DAST and, optionally, Fortify Source Components Analysis (Sonatype SCA) architectures.
These are the SAST scan pre-requisites when initiating a Fortify ScanCentral SAST remote scan:
- Customer Fortify Software Security Center (SSC) URL and Fortify ScanCentral SAST Controller URL (received on sign-up within a password protected document)
- Customer Fortify Hosted SAST Client Authentication Token – often referred to as scSastClientAuthToken (received on sign-up within a password protected document)
- A Fortify SSC CI Token
- to be created either manually from the Fortify SSC web portal or automatically by using the Fortify SSC APIs
- An application with source code to scan
- An Application and Version already created in Fortify Software Security Center