Hi,
I'm trying to upload FPR in Fortify SSC but the UI shows Error Processing - FMDAL Exception
Exception: An unexpected error occurred during scan processing: com.fortify.manager.exception.FMDALException: Unable to execute batch.
I tried to clear…
Hi,
I have created a application version A which should pick a specific version state.. After creation, as the fpr showed Error Processing , I deleted the version.. But then I tried again to create the application version with same name, but it is…
I'm using Fortify SCA 24.4.0 with Q4 2024 Rulepacks. The release notes for the 2024 Q4 security content update indicate that the DIS STIG 6.1 report is supported in them. However, I don't see a corresponding item in the Fortify SCA 24.4.0 release notes…
Hi,
I am currently updating our SSC server from 23.1 to 24.4 and facing the following seeding error. I generated sql migration script and ran it against our DB before I started the seed bundles.
This happens when I seed "Fortify_Process_Seed_Bundle…
Hello everyone,
We are currently in the process of upgrading to Fortify SSC 22.2 (from 21.2) on a Windows Server 2019 VM on a production environment and we are facing some errors when trying to seed the database.
The migration process goes without…
Hello, I don't see fortifyclient in bin folder of /Fortify/Fortify_Apps_and_Tools_24.2.0/bin.Also I have searched under /Tools, but no luck. What could be the issue ? I am trying to upload .fpr file to SSC. Could somebody please help what am I missing…
I want to perform SCA analysis on my source code. By following some tutorials, I learned that we need a setup like the one below:
SSC (Software Security Center) Scan Central SAST Controller Sensor SCA Client
However, the trial version for Software…
Hi,
In our Fortify SSC we have been scanning code and uploaded artifacts to Version-A
We then created a new version - VERSION-B taking suppressions from Version-A and started uploading artifacts to this new VERSION-B (as we have some new set of code…
I'm on the DevOps team of a large organization with a lot of .NET applications. I'm trying to figure out what to recommend for Fortify SSC application version management for some of the larger applications. There doesn't seem to be guidance and there…
Hi,
Is there a way to print the total Lines of code for a fortify application ?
In Fortify SSC , we could see Executable LOC but I want the total lines of code for an application in fortify
Please suggest..
Hi everybody,
I have installed SSC version 23.2.0 on Windows Server 2019 VM and sqlserver db on another VM,
They see each other and TCP/IP connection works successfully but the connection is failed.
Note:
I have installed sql server db on same…
I am updating Fortify SSC from 22.2 to 23.2 and I am unable to perform a successful test connection during the initial setup. This is an upgrade so the only steps that were needed was to delete the old version ssc directory and ssc.war file and past the…
Hello, i'm trying to integrate Fortify SSC into my gitlab pipeline but i didn't work for me.
this is my pipeline script :
fortify-sast-scancentral :
image : fortifydocker/fortify-ci-tools:latest
variables :
SC_SAST_SENSOR_VERSION : '23.1'…
I am getting this error for SSC "Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files." however the code snippet is shown in audit work bench for the…
Hi , I am testing a version upgrade from Fortify SSC 18.2 to 22.2
To start with, I wanted to install Fortify SSC 18.2 first, I have installed Oracle database 12.2.0 , Fortify SSC 18.2, java 1.8 and apache tomcat 9.0.75
When I deployed the war file…
Using the BigBang helm charts to deploy both Keycloak and Fortify SSC.
We have deployed Keycloak and are using it successfully as the SAML IdP for other applications.
We are trying to integrate Fortify SSC with this instance of Keycloak, but when…
I have Fortify SSC and SCA v22.2.0 in different servers, apart from Jenkins as well.
I installed Jenkins plugin v 21.2.37 and can't go to 22.x currently because it conflicts with another pipeline's plugin. From the documentation, I take that it should…
Hi
For only one project I have a problem (bellow error datails) I cant upload to SSC via Audit workbenck or Azure pipeline job and with after login SCC with Auditworkbenck I can not dowload and access the project. But before I could upload and I can…
Hi,
I have set up Fortify SSC version 22 on my test instance. After logging in I saw that Search box is disabled. So, I have put the application in maintenance mode, enabled Global search, specified the location in text box and continued with database…
Hi,
I have created AnalysisUploadToken in SSC and using it with fortifyclient for fpr upload.
But even before the DaysToLive is reached, the token is not working for upload.
I have verified the serviceContext.xml (webapps/ssc/WEB-INF/internal/serviceContext…
Hi,
I wanted to upgrade my Fortify 18.2(Oracle 12c) to 22.2.0 (Oracle 19c). To test the same,
1. I have put the SSC test instance (Fortify 22.2) in maintenance mode
2. I have installed Fortify 22 in a test machine with Oracle 19c and copied the…
Hello,
I am trying to merge two FPR files with the FPRUtility tool. I have a file with analysis date let's say today at 8AM (with 4 issues), and another FPR file with analysis date at 10AM (with 0 issues).
I would like to merge these two files, specifying…
Hi,
I have configured Fortifity SSC 22.2.0 in a stage machine but am unable to login.
I verified the log file ssc.log in fortify home directory. The below error is shown -
/ssc/j_spring_security_check [WARN] com.fortify.manager.security.CustomLoggerListener…
Hi all,
I would like to try to scan DAST using URL Zero Web App manually directly in the DAST scancentral on the SSC dashboard, and for Fortify version I am using version 22.2. I have adjusted the scanning configuration settings according to my needs…