Are Fortify SSC and SCA impacted by CVE-2024-38816 and CVE-2024-38819 via the "spring-webflux" and "spring-webmvc" jars?
Environment
SCA and SSC
Situation
Applications serving static resources through the functional web frameworks WebMvc.fn…
How to resolve "Error while uploading file to ssc : exit status 52" when executing a scan in SCA.
Environment
Fortify Static Code Analyzer (SCA)
Situation
When executing a scan from SCA, it fails with an error of "Error while uploading…
The service could not be restarted because of insufficient disk space. Docker's windowsfilter folder grew and took up almost all of the disk space.
Environment
SSC 23.1, SC DAST 23.1
Situation
After running a long time, the Docker's windowsfilter…
Products
Fortify Static Code Analyzer, Fortify, Fortify WebInspect
Description
Pursuant to the product support lifecycle published on the Micro Focus website, one or more of the product versions included in your profile is/are entering…
On Linux systems, Fortify Audit Workbench can fail to start, resulting in the following error:
org.osgi.framework.BundleException: Exception in com.fortify.awb.AWBPlugin.start() of bundle com.fortify.awb.app.
at org.eclipse.osgi.internal.framework…
There are three different methods that can be used to prevent the source code and/or source snippets from being included in the results file (FPR):
Through the command line
By changing the fortify-scan.properties file
By using the FPR utility
…
Summary Can mganss/HtmlSanitizer be used to mitigate XSS vulnerabilities for C#?
Products Fortify Static Code Analyzer Environment Static Code Analyzer (SCA) 2x.x
Situation Can the mganss/HtmlSanitizer library be used to mitigate C# XSS vulnerabilities…
Summary How to modify the number of lines of code displayed in a Legacy Report (PDF/XML).
Products Fortify Static Code Analyzer Environment Static Code Analyzer (SCA)
Situation The default number of lines of code displayed in the code snippet in a…
Summary When manually uploading the scan.json file, SSC prompts that this file type is not supported. The scan.json file can be uploaded with an API call.
Products Fortify Static Code Analyzer Environment Software Security Center (SSC) 22.1 Windows…
Summary There is a bug in SCA 22.2.X with the BIRT Report Generator using the Developer-Work-Book creation.
Products Fortify Environment Product version 22.2.X All operating systems.
Situation The BIRT Report Generation failing using the Developer…
Summary Silent (unattended installation) of Fortify SCA with plugins
Products Fortify Static Code Analyzer Environment Windows
Situation SCA silent installation (unattended) with plugins.
Resolution By using an Option File:
Download the installer…
Summary ScanCentral DAST container restarting and the log has an error of "Unable to start Kestrel. Internal.Cryptography.CryptoThrowHelper+WindowsCryptographicException: The specified network password is not correct."
Products Fortify Environment ScanCentral…
Summary An SCA scan of a project/solution is either running longer than expected or the scan errors out stating out of memory.
Products Fortify, Fortify Static Code Analyzer Environment Static Code Analyzer (SCA) 19.X, 20.X, 21.X Situation A SCA scan…
Fortify supports high-quality application release with less expense and effort.
At a Glance
Industry Technology
Location Quito, Ecuador
Challenge Find a more efficient way to identify and remediate vulnerabilities across a growing portfolio of…
Summary Which log shows Silent/Unattended Fortify SCA Installation completed?
Products Fortify Static Code Analyzer Environment SCA 21.2 on W2K19
Situation Unattended SCA installation can be done with the following steps:
1. create a text file…
Fortify Static Code Analyzer is designed to identify security vulnerabilities in the user's source code early in the software development lifecycle and has been recognized as a Leader in the G2 Report for Static Code Analysis Spring 2022!
Summary The customer is seeing slowness in the scans, or the scans do not finish at all after several days, and notes that an antivirus solution, such as McAfee ENS, is installed on the machine where SCA is installed. How this situation…
Summary The customer is using the Security Assistant for Visual Studio, and wants to know why Security Assistant is not detecting vulnerabilities.
Products Fortify Static Code Analyzer Situation The Security Assistant is not detecting vulnerabilities…
Summary Executing any SCA CLI command returns: [error]: The Java virtual machine /path/Fortify_SCA_and_Apps_20.2.0/jre/lib/amd64/server/libjvm.so is unable to load Fortify sourceanalyzer. Please ensure that your Java installation meets minimum…