• Azure pipeline & java problem

    Hello Is anyone experied message " java.lang.UnsupportedClassVersionError: com/fortify/scancentral/launcher/Launcher has been compiled by a more recent version of the Java Runtime (class file version 61.0), this version of the Java Runtime only recognizes…
  • Performance of Fortify ScanCentral Sensors on k8s

    I'm finding the performance of running a ScanCentral Sensor on k8s to be slower than running on a VM. I'm using a Typescript app for my testing. On the VM, offloading both translate and scan, it consistently takes about 5m 30s. On k8s with the same version…
  • Scancentral Controller 23.2 and OpenSSL vulnerability

    Hello My client scaned ScanCentral Controller 23.2 with WebInspect 23.2 and WI found one medium OpenSSL issue (CWE ID 119, CWE ID 327). Did you know is new ongoing Fortify version (ver. 24 on May'24) resolves this problem or there is plan to publish…
  • SSL Certificate on Fortify ScanCentral Sensor on k8s

    I'm trying to stand up a Fortify ScanCentral Sensor on k8s, but I can't figure out how to get the Sensor to communicate with my ScanCentral Controller. It's certainly a problem with the SSL key. I must be passing it in to the container wrong. Anybody…
  • Can't execute a Fortify SCA remote analysis on Jenkins

    I have Fortify SSC and SCA v22.2.0 in different servers, apart from Jenkins as well. I installed Jenkins plugin v 21.2.37 and can't go to 22.x currently because it conflicts with another pipeline's plugin. From the documentation, I take that it should…
  • Fortify Software Security Center 23.2 Upgrade

    Good morning, Currently, we are working with Fortify Software Security Center 23.1 and we are planning to upgrade it to version 23.2. Is it also necessary to upgrade scancentral dast 23.1 and sast 23.1 to version 23.2? Best regards, Alejo
  • Azure DevOps Build Failure Criteria Compability Error on the SCSAST 23.1

    Hi all, I have managed to run a successful scan previously. When I try to run the second time, it shows this error: The Scancentral SAST I am using is 23.1. I am using the Scancentral SAST job from the Fortify Azure DevOps extension. This appears…
  • Changing The IP address of Fortify Machines

    H ello Dears, I hope everything is well . I have a quick question for SCA and SSC and webinspect . I already installed them in a different Azure cloud instance I also installed and configured the scan central controller and sensor. after I finished the…
  • Specify scan target path for Fortify SC SAST extension in azure DevOps for none build tool

    Hello everyone, I am using Fortify SC SAST Assessment extension in Azure DevOps pipeline to trigger the SAST scan. However, as the framework of the source code is not supported, I had to specify the Build tool = none. However, as I am scanning microservice…
  • UUID's on ScanCentral SAST Sensors Identical?

    Thanks for your guidance and/or assistance! We've ran into an issue were we only had 1 SAST Sensor setup and have added enough to require us to need 2 SAST Sensors. When we setup our new sensor (S2) it worked fine but we didn't realize that it was sharing…
  • SSC 23.1 Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files

    Issue is (Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files.) getting error in SSC
  • Scan Central Error

    Good Evening, URLS and such have been changed for anonymity. We have SSC Setup and we have the ScanCentral Controller setup but getting the following error when trying to scan using gitlab templates. This is the log file that is generated. 2023…
  • Exclude pod directory from fortify scan for Objective-C

    How to exclude Pods folder from Fortify scans in Objective-C? I tried to use the exclude command in sourceanalyzer , but no success, sourceanalyzer -b $BUILDID -exclude "/Pods" I also read somewhere that exclude won't work in Objective-C. Not…
  • Fortify Github Action

    Dears, Can i do the build failure criteria option in the GithHub Action pipeline that makes the workflow unstable if it matched the build failure criteria as it happens using Jenkins?
  • ScanCentral SAST itegration with GitHub Action

    Hello Dears, I am trying to perform a scan into GitHub action pipeline using Fortify scan-central sast scan all the steps done with success except the stage of Performing SASTscan which gave me an error. <Unable to connect to " /scancentral-ctrl…
  • ScanCentral SAST Scan - Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.0:compile (default-compile)

    Hi, I am trying to scan a a well known vulnerable application (webgoat-github.com/.../WebGoat) using the ScanCentral SAST scanner. To do that, I need to create a package using this command "/opt/Fortify/ScanCentral/bin/scancentral package --build-file…
  • Fortify SSC unable to authenticate with Fortify ScanCentral SAST

    Hello All. I have successfully installed both Scancentral and SSC versions 22.2 on two Windows 2019 servers respectively. I have confirmed by web browser and ping that both have a network path between each other over port 80(I am not using SSL/TLS)…
  • GitLab Fortify SAST Integration : Scan Requests indefinitely pending.

    Hello, I am currently building integration of Fortify CI/CD tools and GitLab for the purpose of introducting Sec/Ops into our build pipelines(Fortify SAST on-prem) I have SSC, ScanCentral controller and a SCA Sensor running and all communicating with…
  • ScanCentral SAST Sensors Moving From Default Pool to Unassigned

    Starting last week, our ScanCentral SAST sensors keep falling out of the Default sensor pool. We only have one SAST sensor pool, "Default". We can assign them to this pool, but almost every day over last week, they become "Unassigned". I cannot find anything…
  • Jenkins pipeline for remote translation, analysis, and uploading to SSC.

    I need help with setting up my pipeline correctly. I dont have much experience with jenkins and have learnt it on the fly when configuring SCA with Jenkins. Im building the code on my Jenkins controller (Host1) and then translating and scanning it on…
  • Suse version SP

    What version of the SUSE service pack does SCA support? Are they all compatible or do we have restrictions?
  • ScanCentral Controller web page not loading

    UPDATE - I fixed it. Needed to update my port on the server.xml to the right one. I'm running the ScanCentral Controller on localhost and its not loading for me. I've changed the port number as there was a conflict of a port already in use. I've changed…
  • Need Installation & User Guide Mobile Application Security Testing (MAST)

    Dear All, Any one can share me Installation & User Guide of Mobile Application Security Testing (MAST)
  • Unable to upload scan results for 10000 to SSC

    hi everyone, I'm currently trying to scan via Jenkins to scancentral sast with version 22.1 the scan process runs normally, but during the upload process I get an error. here are the logs I get: 2022-11-14 14:02:02,764 [ERROR] com.fortify.cloud…
  • Patches for Critical Vulnerabilities in fortify-ci-tools image

    Will there be image vulnerability patches to address the vulnerable findings identified in scans performed by tools Trivy, Grype, and Anchor?