• FPR Upload shows Error Processing - FMDAL Exception

    Hi, I'm trying to upload FPR in Fortify SSC but the UI shows Error Processing - FMDAL Exception Exception: An unexpected error occurred during scan processing: com.fortify.manager.exception.FMDALException: Unable to execute batch. I tried to clear…
  • SSC - New Application version creation

    Hi, I have created a application version A which should pick a specific version state.. After creation, as the fpr showed Error Processing , I deleted the version.. But then I tried again to create the application version with same name, but it is…
  • Fortify SCA 24.4.0 with 2024 Q4 Rulepacks: DISA STIG 6.1 BIRT report not available for export

    I'm using Fortify SCA 24.4.0 with Q4 2024 Rulepacks. The release notes for the 2024 Q4 security content update indicate that the DIS STIG 6.1 report is supported in them. However, I don't see a corresponding item in the Fortify SCA 24.4.0 release notes…
  • SSC Seeding error when upgrading to 24.4

    Hi, I am currently updating our SSC server from 23.1 to 24.4 and facing the following seeding error. I generated sql migration script and ran it against our DB before I started the seed bundles. This happens when I seed "Fortify_Process_Seed_Bundle…
  • Fortify SSC - error when seeding init bundle when updating

    Hello everyone, We are currently in the process of upgrading to Fortify SSC 22.2 (from 21.2) on a Windows Server 2019 VM on a production environment and we are facing some errors when trying to seed the database. The migration process goes without…
  • Audit action Software Security Center (SSC) API Conflict

    Hi, I am using a /projectVersions/{parentId}/issues/action/audit API but there is a conflict error, it worked once. I'm using priority override for this audit. For example, I have a vulnerability category whose criticality I need to change. I'm making…
  • Does Fortify SSC support an option to carry forward suppressions from application VERSION-B to VERSION-A

    Hi, In our Fortify SSC we have been scanning code and uploaded artifacts to Version-A We then created a new version - VERSION-B taking suppressions from Version-A and started uploading artifacts to this new VERSION-B (as we have some new set of code…
  • Is there a way to print the total Lines of code for a fortify application

    Hi, Is there a way to print the total Lines of code for a fortify application ? In Fortify SSC , we could see Executable LOC but I want the total lines of code for an application in fortify Please suggest..
  • Trying to upgrade SSC 20.1 to 21.2 but getting a seeding error

    Hi, I am trying to upgrade SSC 20.1 to 21.2 and getting these errors during the seeding of database process. Let me know if you need any other information. "Unable to process the Fortify_Process_Seed_Bundle-2021_Q4_0001.zip. Seeding failed: Unable…
  • Fortify SSC 18.2 deployment issue

    Hi , I am testing a version upgrade from Fortify SSC 18.2 to 22.2 To start with, I wanted to install Fortify SSC 18.2 first, I have installed Oracle database 12.2.0 , Fortify SSC 18.2, java 1.8 and apache tomcat 9.0.75 When I deployed the war file…
  • Fortify 23.1 to 23.2 update error (Oracle Database)

    Hi! I'm recieving some errors when I try to update my 23.1 Fortify to the 23.2 version. I have downloaded the "ssc23.2-migration.sql" for Oracle in the SSC UI, but when I try to run it, I recieve a lot of errors... Mainly the error ORA-00942…
  • Versions for Fortify SSC upgrade

    Hi, I want to upgrade my Fortify SSC 18.2 to Fortify 22.2 I have noted the steps to upgrade. But am confused about the versions to be picked as we cannot upgrade directly from 18.2 to 22.2 Please suggest the order of versions required for upgrading…
  • Unable to connect to Fortify SSC from Visual Studio Code Fortify Remediation extension

    I am running Visual Studio Code on Windows 10 with Fortify Extension for Visual Studio Code v23.1.0 and Fortify Remediation Extension for Visual Studio Code v23.1.1 installed. I have Fortify SCA and apps version 22.2.1 installed. I tried connecting…
  • Fortify SSC Server - "Bad Certificate" Error When Trying to Connect with Audit Workbench

    Hello. Recently I have been banging my head against the wall trying to figure this out. I am unable to upload FPR projects to my Fortify SSC server from Audit Workbench. The error I get goes along the lines of, "javax.net.ssl.SSLHandshakeException:…
  • Global Search box not working in SSC even after enabling global search in SSC configuration

    Hi, I have set up Fortify SSC version 22 on my test instance. After logging in I saw that Search box is disabled. So, I have put the application in maintenance mode, enabled Global search, specified the location in text box and continued with database…
  • AnalysisUploadToken not working even before DaysToLive is completed

    Hi, I have created AnalysisUploadToken in SSC and using it with fortifyclient for fpr upload. But even before the DaysToLive is reached, the token is not working for upload. I have verified the serviceContext.xml (webapps/ssc/WEB-INF/internal/serviceContext…
  • Seed bundle fails

    Hi, I wanted to upgrade my Fortify 18.2(Oracle 12c) to 22.2.0 (Oracle 19c). To test the same, 1. I have put the SSC test instance (Fortify 22.2) in maintenance mode 2. I have installed Fortify 22 in a test machine with Oracle 19c and copied the…
  • Reset admin password for Fortify 22.2

    Hi, I have configured Fortifity SSC 22.2.0 in a stage machine but am unable to login. I verified the log file ssc.log in fortify home directory. The below error is shown - /ssc/j_spring_security_check [WARN] com.fortify.manager.security.CustomLoggerListener…
  • Auto with SSC install and admin user

    I am using Fortify SSC K8s helm chart to install. After install am trying to find way to programmatically set the admin user password. If use UI auto prompted to set a new admin password. Do not want login to UI as this needs automation. How is possible…
  • Using Fortify Vulnerability Exporter to generate a JSON file it takes same amount time as it does to generate an FPR file if the FPR file is large in size

    I t takes the same amount of time to generate a JSON file as it does to generate an FPR file if the FPR file is large. Extending the whole job process is unnecessary. It is required JSON file generation should be optimized to reduce time. Unnecessary…
  • Fortify SSC database import

    Hi, I have a Fortify SSC version 18.2 in production environment. And version 22.2 in stage environment. Can I export the data from Fortify SSC in production and import it to the database 19c in my stage environment? Will the data be visible in stage…
  • Can we force delete artifacts from Fortify SSC for a particular application?

    Hi, I'm using Fortify SSC 18.2 version. When I tried to delete the artifact for an application, It says "Deleting" and it is never deleted. After that, again at a later point, I uploaded another artifact for which the upload command submitted but…
  • Custom Fortify SSC parser plugin Caused by: oracle.jdbc.OracleDatabaseException: ORA-06553: PLS-306: wrong number or types of arguments in call to 'UPDATEEXISTINGWITHLATEST'

    Hello, I'm developing a custom parser. The jar file is properly generated and installed on FSSC. When I upload an artifact to FSSC I always get the following error. Exception: An unexpected error occurred during scan processing: com.fortify.manager…
  • How is Assignee list populated in Fortify JIRA Integration

    Hi, After fortify SSC JIRA integration, when we tried to file a bug , we could see few fields populated . In the Assignee field, we could see only few names populated starting with A . So could not assign the JIRA to the right person. we have…
  • Fortify resuts upload to SSC failing with FAtal error - [Fatal Error] :6:3: The element type "hr" must be terminated by the matching end-tag "</hr>"

    Hi, I have a jenkins job which does the fortify scan and uploads the results to SSC to respective application and specific version. The job does parallel scans and uploads results in parallel. One of my jobs failed as the upload command failed…