Description
Fortify Hosted SAST troubleshooting steps
Solution
Section 1: Collect software versions
Please gather the following information:
1). Software Language and version getting scanned.
2). Did you scan this same application in the past properly? What has changed now from the past?
3). Are you able to scan a different package/project for the same language you are trying to scan?
4). The token string being used to run the scan.
Note: either Opentext support engineer or Ops can provide the following information:
5). SSC Version
6). ScanCentral SAST Controller version
7). ScanCentral SAST Sensor version
8). ScanCentral Rulepack version
9). ScanCentral Client version
Section 2: Collect Job token, sensor name, ScanCentral Client logs and package.zip
Collect Job token Scan log
1). Please go In Fortify SSC to ScanCentral | SAST
2). Gather the following information:
A). Job token
B). Sensor name (Sensors JVM) where the scan was running
C). Export of Scan Log (How to collect SAST Scan log in SSC)
Collect ScanCentral Client logs
A). Always ask the customer for ScanCentral Client logs in Debug mode to check packaging and upload logs
How to collect Scancentral packaging and start scan logs
Please provide the payload/package.zip before the scan happens for further investigation
Make sure the package structure is correct:
What is the package structure after using ScanCentral to package Source files?