Hello everyone,
We are currently in the process of upgrading to Fortify SSC 22.2 (from 21.2) on a Windows Server 2019 VM on a production environment and we are facing some errors when trying to seed the database.
The migration process goes without…
Hello, I don't see fortifyclient in bin folder of /Fortify/Fortify_Apps_and_Tools_24.2.0/bin.Also I have searched under /Tools, but no luck. What could be the issue ? I am trying to upload .fpr file to SSC. Could somebody please help what am I missing…
I want to perform SCA analysis on my source code. By following some tutorials, I learned that we need a setup like the one below:
SSC (Software Security Center) Scan Central SAST Controller Sensor SCA Client
However, the trial version for Software…
Hi,
In our Fortify SSC we have been scanning code and uploaded artifacts to Version-A
We then created a new version - VERSION-B taking suppressions from Version-A and started uploading artifacts to this new VERSION-B (as we have some new set of code…
I'm on the DevOps team of a large organization with a lot of .NET applications. I'm trying to figure out what to recommend for Fortify SSC application version management for some of the larger applications. There doesn't seem to be guidance and there…
Hi,
Is there a way to print the total Lines of code for a fortify application ?
In Fortify SSC , we could see Executable LOC but I want the total lines of code for an application in fortify
Please suggest..
Hi everybody,
I have installed SSC version 23.2.0 on Windows Server 2019 VM and sqlserver db on another VM,
They see each other and TCP/IP connection works successfully but the connection is failed.
Note:
I have installed sql server db on same…
I am updating Fortify SSC from 22.2 to 23.2 and I am unable to perform a successful test connection during the initial setup. This is an upgrade so the only steps that were needed was to delete the old version ssc directory and ssc.war file and past the…
Hello, i'm trying to integrate Fortify SSC into my gitlab pipeline but i didn't work for me.
this is my pipeline script :
fortify-sast-scancentral :
image : fortifydocker/fortify-ci-tools:latest
variables :
SC_SAST_SENSOR_VERSION : '23.1'…
I am getting this error for SSC "Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files." however the code snippet is shown in audit work bench for the…
Hi , I am testing a version upgrade from Fortify SSC 18.2 to 22.2
To start with, I wanted to install Fortify SSC 18.2 first, I have installed Oracle database 12.2.0 , Fortify SSC 18.2, java 1.8 and apache tomcat 9.0.75
When I deployed the war file…
Using the BigBang helm charts to deploy both Keycloak and Fortify SSC.
We have deployed Keycloak and are using it successfully as the SAML IdP for other applications.
We are trying to integrate Fortify SSC with this instance of Keycloak, but when…
I have Fortify SSC and SCA v22.2.0 in different servers, apart from Jenkins as well.
I installed Jenkins plugin v 21.2.37 and can't go to 22.x currently because it conflicts with another pipeline's plugin. From the documentation, I take that it should…
Hi
For only one project I have a problem (bellow error datails) I cant upload to SSC via Audit workbenck or Azure pipeline job and with after login SCC with Auditworkbenck I can not dowload and access the project. But before I could upload and I can…
Hi,
I have set up Fortify SSC version 22 on my test instance. After logging in I saw that Search box is disabled. So, I have put the application in maintenance mode, enabled Global search, specified the location in text box and continued with database…
Hi,
I have created AnalysisUploadToken in SSC and using it with fortifyclient for fpr upload.
But even before the DaysToLive is reached, the token is not working for upload.
I have verified the serviceContext.xml (webapps/ssc/WEB-INF/internal/serviceContext…
Hi,
I wanted to upgrade my Fortify 18.2(Oracle 12c) to 22.2.0 (Oracle 19c). To test the same,
1. I have put the SSC test instance (Fortify 22.2) in maintenance mode
2. I have installed Fortify 22 in a test machine with Oracle 19c and copied the…
Hello,
I am trying to merge two FPR files with the FPRUtility tool. I have a file with analysis date let's say today at 8AM (with 4 issues), and another FPR file with analysis date at 10AM (with 0 issues).
I would like to merge these two files, specifying…
Hi,
I have configured Fortifity SSC 22.2.0 in a stage machine but am unable to login.
I verified the log file ssc.log in fortify home directory. The below error is shown -
/ssc/j_spring_security_check [WARN] com.fortify.manager.security.CustomLoggerListener…
Hi all,
I would like to try to scan DAST using URL Zero Web App manually directly in the DAST scancentral on the SSC dashboard, and for Fortify version I am using version 22.2. I have adjusted the scanning configuration settings according to my needs…
Hi everybody!
We are trying to upgrade SSC from version 20.1 and in our first step we have been able to execute setup wizard with SSC.WAR, but finally startup has failed and TOMCAT cannot deploy SSC application correctly.
Our initial environment is…
Hi,
I'm using Fortify SSC 18.2 version.
When I tried to delete the artifact for an application, It says "Deleting" and it is never deleted. After that, again at a later point, I uploaded another artifact for which the upload command submitted but…
Hi,
I have triggered a fortify scan on a set of files in war layout (files extracted from a war and then scan is triggered). And when I viewed the results in Audit in Fortify SSC, few are shown as minified js files. But the name is not *.min.js. The…
The code is simple, send ACTION_GET_CONTENT to let user pick an image, and in `onActivityResult`, call `intent.getData()` to get the uri, then query the something from content provider like `context.getContentResolver().query(uri)`,
This is a very common…