  • Audit action Software Security Center (SSC) API Conflict

    Hi, I am using a /projectVersions/{parentId}/issues/action/audit API but there is a conflict error, it worked once. I'm using priority override for this audit. For example, I have a vulnerability category whose criticality I need to change. I'm making…
  • OpenAPI Misconfiguration: Credential Leakage - servers = localhost

    Hi Does this issue make sense when servers is just an url for localhost? If it does not, is there any way to customize/review this rule? TIA Leo
  • Request - FoD - scan REST API using UFT One API scripts as input data

    Currently, from Dynamic Scan, when configuring a Dynamic API Assessment there are 4 options: Postman, OpenAPI, GraphQL, gRPC. We would like the option to import from UFT One API scripts. As this OpenText application is used instead of Postman…
  • application-version-binary-files/upload API for DAST Controller

    Considering the DAST Controller API. Ultimately we want to upload a macro into a DAST scan or apply it to a scan that has yet to run. We can create an upload session for the macro just fine. This gives it an ID: /api/v2/application-version-binary…
  • Fortify-ssc API to update authEntities (users) roles

    Hi all, I am after Fortify-ssc API to update users (authEntities) roles. I can use /authEntities/{parentId}/roles to list users roles, but sounds like there is no PUT one for this. We're on Software Security Center version 23.1.2.0005. Appreciate…
  • Is there an API managed by Fortify to test, similar to zero.webappsecurity.com for web app testing?

    As the subject suggests, are there Fortify resources for testing API scans? (i.e Postman/Swagger/etc.. API with default username/credentials)
  • ScanCentral DAST API Scan getting An error has Occurred. Internal Server error occurred

    ScanCentral DAST API Scan getting An error has Occurred. Internal Server error occurred
  • Create a new application version by holding audit data of the existing application version and then upload .fpr file on Fortify SSC dynamically using REST API

    Hi, We are trying to automate the below task: Could you please help us what are the Apis we should call to perform these tasks. 1. Create a new application version by holding audit data of the existing application version. 2. Upload the .fpr file…
  • Unable to retrieve DAST product license from the LIM: Empty response

    Hi all, I encountered this error in my Fortify ScanCentral DAST 22.2 GlobalService container as shown below: Meanwhile in LIM host, I have an existing Fortify ScanCentral DAST license. In the API log, it shows this: May I know how do i resolve…
  • Getting the Alert: Auto Response State Fail detected. Please add response state rule

    When we are submitting API scan using postman collection file. We are getting the following alert: Auto Response State Fail detected. Please add response state rule What could be the reason?
  • How do recommends fortify the insecure HTTP method for 405 API call

    I am building a RESTful API. When the client uses an unsupported method such as GET on a resource that does not support it, I am returning a 405 with the Allow header which lists the allowed methods: Status Code: 405 Method Not Allowed Allow: DELETE…
  • Does WebInspect support GraphQL?

    Is it possible to scan GraphQL API using Fortify Webinspect?
  • Can I export Traffic Viewer .tsf file to Excel?

    Hello, I have used postman to record requests/responses in Traffic Viewer for an API scan in WebInspect. Before I start the scan though, I want to send the requests/responses to the application team to review and ensure the responses are correct …
  • WebInspect Desktop sensor error when downloading the scan via the WebInspect API.

    When executing the scan successfully, an error occurs in the step where the WebInspect API downloads the scan to send to ScanCentral DAST. Logs: ERROR | 2022-10-21 15:54:28.7288 | DAST.Shared.Service.WebInspectRestApiWrapperService.WebInspectRestApiWrapper…
  • Scanner Worker Service won't start

    After having followed the necessary steps for starting the Scanner Worker Service, we get an error showing 1053 code. 1. ensure the WebInspect Sensor service is not running. 2. verify the WebInspect API service is running. 3. No modifications have been…
  • Looking for work around when sending a unique tag through Postman API request, then scanning in WebInspect.

    Hello community, I am running a Postman API scan through WebInspect, but I am having a small issue that I hope someone can assist me with. To be clear, WebInspect is working correctly, I just need assistance to see if what I need is achievable or not…
  • WebInspect - API Scan with hidden definition.

    Hello, I want to scan the REST API (Swagger type) where the definitions are hidden. I have received a JSON file with the definitions. Scan wizard doesn't provide simple use of external definition file. Has somebody faced a similar problem? How to pass…
  • ScanCentral DAST API Issue

    I have finished running the configuration tool, added the API URL into SSC and enabled ScanCentral DAST and I get the following on the ScanCentral tab: SSC and the DAST API are on two separate VMs and nothing is blocking the connection between the…
  • Truncated results from REST API

    When running the following REST API request long fields within an event are truncated: https://api.emea.fortify.com/api/v3/eventlogs/download This seems to happen if the field value is >1024 characters EG in the Notes field of this event: {" Event…
  • SSC: Find all occurrences of a Category over all applications (API)

    Is there a way to retrieve all applications that are affected by a specific Category e.g. "Cache Management: Insecure Policy" We have hundreds of applications and I don't want to search each application. I would prefer usage of the API, but finding…
  • WIE API False Positive results

    Is there anywhere in the api for WebInspect Enterprise that I can pull the stats for false positives? I know where I can see the stats for each scan (critical, high, medium, low......). but I can't find anything regarding false positive info. Is that…
  • Config SSC SSO using API

    Hi, Is it possible to configure a Single Sign on provider using the SSC APIs? Or can it only be done through the Admin section of the UI... We are using SSC 20.2 Thanks.
  • SSC REST API issueSummaries non-deterministic behaviour

    Expected: Swagger API response is same to that when called from Python Actual: Grouping appears the same but the "id" and "cleanName" are different I'm using the exact same authentication header with the same token from the same user, and I'm copy…
  • How to add Fortify in CI/CD processes

    Hi, can anyone help me? I am using Fortify Software Security Center 19.2.0.3191 and I need to add it in my CI/CD processes. can't find REST api for starting scanning process I can't find how after scanning create task in my Task management…
  • Database got inserted additional data after API scan using WIE20.1

    Hi Experts, We executed an API scan using WIE 20.1. After executing the scan, our customer claimed that their database has had some test data inserted (please check attached screenshot) by WIE scan engine. We want to know if there is any scan methods…