The Fortify Hosted SaaS solution is based on Fortify Scan Central SAST, Fortify ScanCentral DAST and, optionally, Fortify Source Components Analysis (Debricked SCA) architectures.
A Fortify Source Components Analysis scan can be initiated by using:
-
Submit a Debricked scan request using the Debricked CLI
Debricked SaaS Standalone can be integrated with Fortify SSC by following these steps:
-
Download the “fortify-ssc-XX.X+-parser-debricked-cyclonedx-Y.Y.Y.zip” for SSC from:
https://github.com/fortify/fortify-ssc-parser-debricked-cyclonedx
https://github.com/fortify/fortify-ssc-parser-debricked-cyclonedx/releases -
Import and enable the parser plugin into Fortify SSC
-
Import Debricked results to Fortify SSC by using FCLI
- FCLI - Fortify Command Line Interface
- fcli ssc appversion-artifact import debricked --appversion=%SSC_APPLICATION_NAME%:&SSC_APPLICATION_VERSION& --repository=%DEBRICKED_REPOSITORY% --branch=dev -t==%DEBRICKED_TOKEN%