The Fortify Hosted SaaS solution is based on Fortify Scan Central SAST, Fortify ScanCentral DAST and, optionally, Fortify Source Components Analysis (Sonatype SCA) architectures.
These are the SCA scan pre-requisites when initiating a Fortify Source Components Analysis:
- Customer Sonatype IQ Server URL (received on sign-up within a password protected document)
- Customer Sonatype IQ Server User (received on sign-up within a password protected document)
- Customer Sonatype IQ Server PWD (received on sign-up within a password protected document)
- Customer Fortify Software Security Center (SSC) URL (received on sign-up within a password protected document)
- A Fortify SSC CI Token
- to be created either manually from the Fortify SSC web portal or automatically by using the Fortify SSC APIs
- An Application with libraries/dependencies to scan
- An Application and Application ID already created in Sonatype IQ Server
- An Application and Application Version already created in Fortify Software Security Center