FoD ScanCentral Error from Azure DevOps Pipeline

Following the documentation, I do not set a ScanCentral file location because it is an auto-hosted agent. Auto-hosted agents are supposed to install this at run time.  When I run the pipeline, I get the following error for the FortifyOnDemandStatic step:

Starting: FortifyOnDemandStatic
==============================================================================
Task : Fortify on Demand Static Assessment
Description : Submit code for Fortify on Demand security assessment
Version : 9.3.0
Author : Micro Focus
Help :
==============================================================================
Starting Fortify on Demand Static Assessment Task
Auth Scheme: Token
Auth: a9d5ad05-160f-4e83-87e4-8ba39efd3c05
Url: https://api.trial.fortify.com/
Portal Url: https://trial.fortify.com
Auth Type: Token
Proxy Host:
Proxy Port:
Authenticating with Fortify on Demand
Authenticating with Fortify on Demand complete
##[error]Response status: 500
##[error]Failed to download ScanCentral Client
Finishing: FortifyOnDemandStatic

Any idea why it's failing to download the ScanCentral Client? The agent is in Azure commercial with no network restrictions.

  • 0  

    Hello Can you show us your pipeline steps?

  • 0 in reply to   
    triggernone

    pool:
      vmImage'ubuntu-latest'

    variables:
      solution'**/*.sln'
      buildPlatform'Any CPU'
      buildConfiguration'Release'

    steps:
    taskFortifyOnDemandStatic@9
      inputs:
        FortifyProjects'$(build.artifactStagingDirectory)'
        FodConnection'FortifyOnDemand'
        ReleaseOptions'0'
        ReleaseId234176
        EntitlementSelection'1'
        EntitlementPreference'0'
        OverrideScanSettings'2'
        InProgressScanActionType'0'
        RemediationScanPreference'0'
        BuildType'dotnet'
        PolicyFailAction'1'
        
  • 0   in reply to 

    The error you're encountering with the Fortify on Demand Static Assessment task indicates that there’s an issue on the server side (status code 500 refers to an internal server error).

    Here are a few things you can check to resolve the issue:

    1. Check Fortify on Demand Service Status

    A 500 error usually points to an issue on the server. Make sure the Fortify on Demand service (API endpoint) is up and running. You can check the service status at Fortify's status page (if available) or contact their support team.

    2. Verify API Token and Connection

    Ensure that the API token (in your logs) is valid and hasn’t expired or been revoked.

    3. Check if ScanCentral is Set Up Properly

    The error message indicates that the ScanCentral Client could not be downloaded. Verify that:

    • ScanCentral Client is available on Fortify’s server.
    • Your pipeline has network access to download it.