Fortify Software Security Center (SSC)

Table of Contents

Supported methods
Configuration

Supported methods

The integration supports the following:

File Upload: The supported file formats are FVDL and FPR.
Remote Connection: Download scan results using Fortify SSC web services.

Configuration options are detailed below.

Configuration

Connection details

Enter the connection details for the server.

Protocol	Select the protocol for the connection (HTTPS or HTTP) (Default: HTTPS)
Server	The domain name or IP address of the server, such as `ssc.server.com`.
Context Root	Top-level location where Fortify SSC is installed on a server. The value for this may be dependent on the configuration of an internal corporate proxy, or where an administrator has installed Fortify SSC.

Protocol

Select the protocol for the connection (HTTPS or HTTP) (Default: HTTPS)

Server

The domain name or IP address of the server, such as ssc.server.com.

Context Root

Top-level location where Fortify SSC is installed on a server. The value for this may be dependent on the configuration of an internal corporate proxy, or where an administrator has installed Fortify SSC.

Credentials

Enter the credentials needed to authenticate to the server. The connection supports either Basic Authentication or Token Authentication. Token Authentication should be used with instances of Fortify of version 20 or higher.

Basic Authentication

Username	Username authorized to connect with the server. This user should have API permissions in their Fortify account that allow for: Listing projects Getting project versions Generating a token that has `DownloadFileTransferToken` permissions
Password	The password used to authenticate to the server

Username

Username authorized to connect with the server. This user should have API permissions in their Fortify account that allow for:

Listing projects
Getting project versions
Generating a token that has DownloadFileTransferToken permissions

Password

The password used to authenticate to the server

Token Authentication

Token	API Token (of type `CIToken`) generated within Fortify.

Token

API Token (of type CIToken) generated within Fortify.

Synchronization

Enter details about connecting to the server.

This Verification server is hosted within a private network and cannot be reached directly by SD Elements.	Select this option if SD Elements does not have direct network access to the Fortify server. For example, if you are using a hosted SD Elements instance but you want to integrate with an internal/protected Fortify system, choose this option and run the Remote Integration Agent to perform integration.

This Verification server is hosted within a private network and cannot be reached directly by SD Elements.

Select this option if SD Elements does not have direct network access to the Fortify server.

For example, if you are using a hosted SD Elements instance but you want to integrate with an internal/protected Fortify system, choose this option and run the Remote Integration Agent to perform integration.

Advanced options

Enter advanced configuration options.

Bypass server certificate validation for HTTPS (insecure, only for testing purposes)	Check this option if you need to test a connection without the proper SSL/TLS certificates.

Bypass server certificate validation for HTTPS (insecure, only for testing purposes)

Check this option if you need to test a connection without the proper SSL/TLS certificates.

Sync frequency

Select how frequently SD Elements should retrieve scan results from the server. You can choose from the following options. The more frequently you run an import, the greater the performance impact on both SD Elements and the server. This is generally only a concern for large organizations running many imports at once.

Hourly, Daily, Weekly, or Monthly	The projects will import scan results automatically every hour, day, week or month. Daily import is typically sufficient. However, you may want to select a more frequent interval if development moves quickly in your organization.
Manually	You must click the Import button on the Verification Integrations page to import the results. This is the default value.

Hourly, Daily, Weekly, or Monthly

The projects will import scan results automatically every hour, day, week or month. Daily import is typically sufficient. However, you may want to select a more frequent interval if development moves quickly in your organization.

Manually

You must click the Import button on the Verification Integrations page to import the results. This is the default value.

Project details

Enter the information required to import scan results from a Fortify SSC project.

Project Name	The name of the project in Fortify SSC.
Project Version	The version of the project in Fortify SSC.

Project Name

The name of the project in Fortify SSC.

Project Version

The version of the project in Fortify SSC.

Fortify Software Security Center (SSC)

Fortify Software Security Center (SSC)

Supported methods

Configuration

Connection details

Credentials

Basic Authentication

Token Authentication

Synchronization

Advanced options

Sync frequency

Project details

results matching ""

No results matching ""