Fortify software security center installation guide

RiskSense users can configure the connector to pull scan data from Fortify Software Security Center on a periodic basis. The RiskSense Fortify connector programmatically connects with Fortify SSC to pull in scan data for either source code or web applications. For the RiskSense Fortify connector to work properly, the following steps must be performed:. Fortify SSC is used for processing. Navigate to the Fortify website and sign up for an account.

Download the following products:. A static code analysis report must be generated for further processing. This can be done by following these steps.

Note : Webgoat is an open-source Java application that was deliberately created to have security vulnerabilities that can be scanned by application scanners. Once the scan is complete, click the Manage Scans tab to view the scans that have been performed. This downloads an. Log in to Fortify SSC as a user with upload access. Navigate to the Applications tab and click New Application Version , following the instructions provided in the tab.

Enter your Fortify credentials in the Create Connector form. The fields include:. Once the form is complete, click the Test Credentials button to ensure the credentials are valid. This guide takes you through the steps to set up a running Fortify Software Security Center SSC instance that you can either configure from the SSC Setup wizard user interface or configure automatically using the autoconfig file.

Because you must be able to access the provisioned EC2 instance to finish setup, you must have an AWS key pair. If you are not providing a database, you can set one up on RDS. The required parameters are:.

After provisioning the default Tomcat server, AWS reads from an. User Guide. Supported methods The integration supports the following:. Configuration Connection details Enter the connection details for the server.

The domain name or IP address of the server, such as ssc. Credentials Enter the credentials needed to authenticate to the server. Basic Authentication Username Username authorized to connect with the server. Synchronization Enter details about connecting to the server. Select this option if SD Elements does not have direct network access to the server. Advanced options Enter advanced configuration options. Sync frequency Select how frequently SD Elements should retrieve scan results from the server.