Micro Focus Fortify Hosted is a single-tenant, cloud-based enterprise service, managed by Micro Focus, for automating application security programs.
Fortify Hosted provides Static Application Security Testing (SAST), Dynamic Application Security testing (DAST) and optionally Software Composition Analysis (SCA) that can be fully integrated into the Customer’s Software Development Life Cycle. The key components are shown below.
This is the central management system that allows a customer to manage their enterprise application security program. It has both a web user interface and a comprehensive API.
- ScanCentral SAST
This is an extension to Software Security Center that controls the queuing and execution of SAST assessments. The assessments are performed by Fortify Static Code Analyzer.
- ScanCentral DAST
This is an extension to Software Security Center that controls the queuing and execution of DAST assessments. The assessments are performed by Fortify WebInspect.
Micro Focus have partnered with Sonatype to offer SCA assessments fully integrated into the Fortify Hosted platform. The assessments are performed by Nexus IQ Server. Alternatively Fortify Hosted can be integrated with Foritfy's public cloud Software Composition Analysis service, Debricked.
These are a range of end-user tools that can be installed by the customer in their environment to submit assessment requests, work with the results and more. They consist of plug-ins/extensions, API integrations and command line utilities that integrate with a wide range of software development tools to embed Fortify Hosted into your DevOps development life cycle.
For a demonstration of how Fortify Hosted can be integrated into a DevOps environment see our Video Tutorials