The Fortify Hosted SaaS solution is based on Fortify Scan Central SAST, Fortify ScanCentral DAST and, optionally, Fortify Source Components Analysis (Debricked SCA) architectures.
These are the SCA scan pre-requisites when initiating a Fortify Source Components Analysis:
- Customer Debricked Repository Name
- Customer Debricked Token
- Customer Fortify Software Security Center (SSC) URL (received on sign-up within a password protected document)
-
A Fortify SSC CI Token
- to be created either manually from the Fortify SSC web portal or automatically by using the Fortify SSC APIs
- An Application with libraries/dependencies to scan
- A Repository already created in Debricked
- An Application and Application Version already created in Fortify Software Security Center