Hello
Is anyone experied message " java.lang.UnsupportedClassVersionError: com/fortify/scancentral/launcher/Launcher has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes…
I'm finding the performance of running a ScanCentral Sensor on k8s to be slower than running on a VM. I'm using a Typescript app for my testing. On the VM, offloading both translate and scan, it consistently takes about 5m 30s. On k8s with the same version…
Hello
My client scaned ScanCentral Controller 23.2 with WebInspect 23.2 and WI found one medium OpenSSL issue (CWE ID 119, CWE ID 327). Did you know is new ongoing Fortify version (ver. 24 on May'24) resolves this problem or there is plan to publish…
I'm trying to stand up a Fortify ScanCentral Sensor on k8s, but I can't figure out how to get the Sensor to communicate with my ScanCentral Controller. It's certainly a problem with the SSL key. I must be passing it in to the container wrong. Anybody…
I have Fortify SSC and SCA v22.2.0 in different servers, apart from Jenkins as well.
I installed Jenkins plugin v 21.2.37 and can't go to 22.x currently because it conflicts with another pipeline's plugin. From the documentation, I take that it should…
Good morning,
Currently, we are working with Fortify Software Security Center 23.1 and we are planning to upgrade it to version 23.2.
Is it also necessary to upgrade scancentral dast 23.1 and sast 23.1 to version 23.2?
Best regards,
Alejo
Hi all, I have managed to run a successful scan previously. When I try to run the second time, it shows this error:
The Scancentral SAST I am using is 23.1. I am using the Scancentral SAST job from the Fortify Azure DevOps extension.
This appears…
H ello Dears, I hope everything is well . I have a quick question for SCA and SSC and webinspect . I already installed them in a different Azure cloud instance I also installed and configured the scan central controller and sensor. after I finished the…
Hello everyone,
I am using Fortify SC SAST Assessment extension in Azure DevOps pipeline to trigger the SAST scan. However, as the framework of the source code is not supported, I had to specify the Build tool = none.
However, as I am scanning microservice…
Thanks for your guidance and/or assistance!
We've ran into an issue were we only had 1 SAST Sensor setup and have added enough to require us to need 2 SAST Sensors. When we setup our new sensor (S2) it worked fine but we didn't realize that it was sharing…
Issue is (Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files.) getting error in SSC
Good Evening,
URLS and such have been changed for anonymity.
We have SSC Setup and we have the ScanCentral Controller setup but getting the following error when trying to scan using gitlab templates.
This is the log file that is generated.
2023…
How to exclude Pods folder from Fortify scans in Objective-C?
I tried to use the exclude command in sourceanalyzer , but no success,
sourceanalyzer -b $BUILDID -exclude "/Pods"
I also read somewhere that exclude won't work in Objective-C. Not…
Dears, Can i do the build failure criteria option in the GithHub Action pipeline that makes the workflow unstable if it matched the build failure criteria as it happens using Jenkins?
Hello Dears,
I am trying to perform a scan into GitHub action pipeline using Fortify scan-central sast scan all the steps done with success except the stage of
Performing SASTscan which gave me an error. <Unable to connect to " /scancentral-ctrl…
Hi,
I am trying to scan a a well known vulnerable application (webgoat-github.com/.../WebGoat) using the ScanCentral SAST scanner. To do that, I need to create a package using this command "/opt/Fortify/ScanCentral/bin/scancentral package --build-file…
Hello All.
I have successfully installed both Scancentral and SSC versions 22.2 on two Windows 2019 servers respectively. I have confirmed by web browser and ping that both have a network path between each other over port 80(I am not using SSL/TLS)…
Hello,
I am currently building integration of Fortify CI/CD tools and GitLab for the purpose of introducting Sec/Ops into our build pipelines(Fortify SAST on-prem) I have SSC, ScanCentral controller and a SCA Sensor running and all communicating with…
Starting last week, our ScanCentral SAST sensors keep falling out of the Default sensor pool. We only have one SAST sensor pool, "Default". We can assign them to this pool, but almost every day over last week, they become "Unassigned". I cannot find anything…
I need help with setting up my pipeline correctly. I dont have much experience with jenkins and have learnt it on the fly when configuring SCA with Jenkins.
Im building the code on my Jenkins controller (Host1) and then translating and scanning it on…
UPDATE - I fixed it. Needed to update my port on the server.xml to the right one.
I'm running the ScanCentral Controller on localhost and its not loading for me. I've changed the port number as there was a conflict of a port already in use. I've changed…
hi everyone,
I'm currently trying to scan via Jenkins to scancentral sast with version 22.1
the scan process runs normally, but during the upload process I get an error.
here are the logs I get:
2022-11-14 14:02:02,764 [ERROR] com.fortify.cloud…