Micro Focus Fortify SSC

Use the Micro Focus Fortify SSC bundled plugin to upload Fortify SCA scan results to Micro Focus Fortify Software Security Center.

Prerequisites

Review these considerations before using the Micro Focus Fortify SSC plugin:

  • This plugin works together with the Fortify SCA plugin. After the Fortify SCA scan runs, use the Fortify SSC plugin to pick up the scan results and upload them to Fortify Software Security Center.

    For details about the Fortify SCA plugin, see Micro Focus Fortify SCA.

  • If the processing of the Fortify scan results requires approval, make sure that the approval is granted through Fortify Software Security Center before you run the chain. Otherwise, the plugin step cannot complete.

Configuration

When you add the Fortify SSC plugin to a chain, specify the following configuration details:

Field Description
Title

Enter a name for this plugin step.

Fortify Software Security Center URL

Enter the Fortify Software Security Center server URL. You can set it as a global variable, for example:

{{FORTIFY_SSC_URL}}

For details, see Define chain and global variables.

Application name

Enter the name of the application for which to store the scan results in Fortify Software Security Center.

Application version

Enter the version number associated with the application. If it doesn't exist, the plugin creates it.

To use the build number as the application version, set it as a variable:

{{chainnum}}

For details about built-in variables, see Use variables in chains.

Results file location (.fpr)

Enter the local path to the Fortify Project Results (FPR) file generated by the Fortify SCA plugin.

Leave empty to pick up the latest FPR file in the agent's workspace.

Filter set

(Optional) To filter the scan results based on a filter set, specify the ID of the filter set.

Leave empty to use the default filter set defined in Fortify Software Security Center.

Use advanced options

Provide the authentication tokens created in Fortify Software Security Center:

  • CIToken. Enables you to upload scan results to Fortify Software Security Center.

  • ScanCentralCtrlToken (Fortify Software Security Center 19.2.x or earlier) or UnifiedLoginToken. (Optional) Enables you to capture scan results and display them as findings in PulseUno.

Optionally, set the status check and timeout:

  • Check status every (in minutes). Specify how often, in minutes, to poll Fortify Software Security Center to check whether FPR processing is complete. Default: every minute.

  • Check timeout (in minutes). Specify how long, in minutes, to wait for FPR processing to complete before timing out. The minimum timeout is 5 minutes. Default: 60 minutes.

Control options

(Optional) Expand Control options and define the following settings:

  • Enable step. Leave this option selected to enable the step to run.

    Clearing this option deactivates the step. Disabled steps are displayed crossed out in the list of chain steps.

  • Fail the step. Specify the conditions for failing the step, such as certain findings criteria and/or console log entries.

  • Mark step as unstable. Specify the conditions for making the step unstable, such as certain findings criteria and/or console log entries.

Output variables

(Optional) Enter the variables to be passed to other steps down the chain. For details, see Publish output variables.
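
A pre-upload check for the Results file location (.fpr) field, added here as an example and not part of the plugin or its documentation: when the field is left empty, a reused agent workspace can still hold an FPR from an earlier run, so the check confirms the selected file belongs to the current run and is a readable FPR archive. Assumptions: "latest" means newest modification time (the page does not define it), and `select_fpr`, `FprCheckError` and `build_started_at` are hypothetical names.

```python
import zipfile
from pathlib import Path


class FprCheckError(Exception):
    """Raised when no trustworthy FPR is available for upload."""


def select_fpr(workspace, build_started_at, configured_path=""):
    """Return the FPR to upload, or raise FprCheckError.

    workspace        -- agent workspace directory
    build_started_at -- epoch seconds at which the current chain run began
    configured_path  -- 'Results file location (.fpr)' value; may be empty
    """
    if configured_path:
        candidates = [Path(workspace) / configured_path]
    else:
        # Assumption: "latest" means the newest modification time.
        candidates = sorted(Path(workspace).rglob("*.fpr"),
                            key=lambda p: p.stat().st_mtime, reverse=True)
    if not candidates or not candidates[0].is_file():
        raise FprCheckError("no FPR file found")
    fpr = candidates[0]
    # An FPR older than this run is left over from an earlier build; uploading
    # it would record the previous code's findings against this version.
    if fpr.stat().st_mtime < build_started_at:
        raise FprCheckError(f"{fpr.name} predates this run (stale result)")
    # An FPR is a ZIP archive whose audit.fvdl entry carries the scan results.
    if not zipfile.is_zipfile(fpr):
        raise FprCheckError(f"{fpr.name} is not a valid FPR archive")
    with zipfile.ZipFile(fpr) as archive:
        if "audit.fvdl" not in archive.namelist():
            raise FprCheckError(f"{fpr.name} has no audit.fvdl entry")
    return fpr


if __name__ == "__main__":
    import os, tempfile, time
    with tempfile.TemporaryDirectory() as ws:  # constructed sample workspace
        for name in ("old.fpr", "new.fpr"):
            with zipfile.ZipFile(Path(ws, name), "w") as z:
                z.writestr("audit.fvdl", "<FVDL/>")  # constructed placeholder
        now = time.time()
        os.utime(Path(ws, "old.fpr"), (now - 3600, now - 3600))
        print(select_fpr(ws, build_started_at=now - 60).name)
```

Run a check like this in a step between the Fortify SCA step and the Fortify SSC step, and fail the chain when it raises.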
