The Fortify Hosted SaaS solution is based on Fortify Scan Central SAST, Fortify ScanCentral DAST and, optionally, Fortify Source Components Analysis (SCA Debricked) architectures.
A Fortify Source Components Analysis scan can be initiated by using:
-
Submit a Debricked scan request using either the OpenText Core SCA (Debricked) CI/CD Integration or CLI or Fortify Command Line Interface (fcli)
- SCA Debricked CI/CD Integration: CI/CD integrations | OpenText Core SCA Documentation
- SCA Debricked CLI: OpenText Core SCA CLI | OpenText Core SCA Documentation
- Fortify Command Line Interface:
- installing debricked-cli (only the first time) : fcli tool debricked-cli install
- run a scan: fcli tool debricked-cli run -- scan <PATH> -r <REPOSITORY-NAME-IN-DEBRICKED> -b <BRANCH-NAME> -c sha -t <DEBRICKED_ACCESS_TOKEN>
Debricked SaaS Standalone can be integrated with Fortify SSC by following these steps:
-
Download the “fortify-ssc-XX.X+-parser-debricked-cyclonedx-Y.Y.Y.zip” for SSC from:
https://github.com/fortify/fortify-ssc-parser-debricked-cyclonedx
https://github.com/fortify/fortify-ssc-parser-debricked-cyclonedx/releases -
Import and enable the parser plugin into Fortify SSC
-
Import SCA Debricked results to Fortify SSC by using fcli
- FCLI - Fortify Command Line Interface
- fcli ssc artifact import-debricked --appversion=<SSC_APPLICATION_NAME>:<SSC_APPLICATION_VERSION> -r=<REPOSITORY-NAME-IN-DEBRICKED> --branch=<BRANCH-NAME-IN-DEBRICKED> -t=<DEBRICKED_ACCESS_TOKEN>