• Fortify SSC - error when seeding init bundle when updating

    Hello everyone, We are currently in the process of upgrading to Fortify SSC 22.2 (from 21.2) on a Windows Server 2019 VM on a production environment and we are facing some errors when trying to seed the database. The migration process goes without…
  • fortifyclient missing in Fortify/Fortify_Apps_and_Tools_24.2.0/bin or under /Tools

    Hello, I don't see fortifyclient in bin folder of /Fortify/Fortify_Apps_and_Tools_24.2.0/bin.Also I have searched under /Tools, but no luck. What could be the issue ? I am trying to upload .fpr file to SSC. Could somebody please help what am I missing…
  • Fortify SCAN Process?

    I want to perform SCA analysis on my source code. By following some tutorials, I learned that we need a setup like the one below: SSC (Software Security Center) Scan Central SAST Controller Sensor SCA Client However, the trial version for Software…
  • Does Fortify SSC support an option to carry forward suppressions from application VERSION-B to VERSION-A

    Hi, In our Fortify SSC we have been scanning code and uploaded artifacts to Version-A We then created a new version - VERSION-B taking suppressions from Version-A and started uploading artifacts to this new VERSION-B (as we have some new set of code…
  • What are Best Practices for Multiple SSC Application Versions

    I'm on the DevOps team of a large organization with a lot of .NET applications. I'm trying to figure out what to recommend for Fortify SSC application version management for some of the larger applications. There doesn't seem to be guidance and there…
  • Is there a way to print the total Lines of code for a fortify application

    Hi, Is there a way to print the total Lines of code for a fortify application ? In Fortify SSC , we could see Executable LOC but I want the total lines of code for an application in fortify Please suggest..
  • Fortify SSC Configuration not recognizing SQL Server JDBC

    Hi everybody, I have installed SSC version 23.2.0 on Windows Server 2019 VM and sqlserver db on another VM, They see each other and TCP/IP connection works successfully but the connection is failed. Note: I have installed sql server db on same…
  • Fortify DB migration 22.2 to 23.2 fails test

    I am updating Fortify SSC from 22.2 to 23.2 and I am unable to perform a successful test connection during the initial setup. This is an upgrade so the only steps that were needed was to delete the old version ssc directory and ssc.war file and past the…
  • Fcli unable to create sc-sast session

    Hello, i'm trying to integrate Fortify SSC into my gitlab pipeline but i didn't work for me. this is my pipeline script : fortify-sast-scancentral : image : fortifydocker/fortify-ci-tools:latest variables : SC_SAST_SENSOR_VERSION : '23.1'…
  • I am getting this error for SSC "Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files."

    I am getting this error for SSC "Unable to locate source file rendering information. Completion of an SCA scan using the latest version of sourceanalyzer is required to view source files." however the code snippet is shown in audit work bench for the…
  • Fortify SSC 18.2 deployment issue

    Hi , I am testing a version upgrade from Fortify SSC 18.2 to 22.2 To start with, I wanted to install Fortify SSC 18.2 first, I have installed Oracle database 12.2.0 , Fortify SSC 18.2, java 1.8 and apache tomcat 9.0.75 When I deployed the war file…
  • Fortify SSC giving Auth ID mismatch when using Keycloak as the SAML IdP

    Using the BigBang helm charts to deploy both Keycloak and Fortify SSC. We have deployed Keycloak and are using it successfully as the SAML IdP for other applications. We are trying to integrate Fortify SSC with this instance of Keycloak, but when…
  • Can't execute a Fortify SCA remote analysis on Jenkins

    I have Fortify SSC and SCA v22.2.0 in different servers, apart from Jenkins as well. I installed Jenkins plugin v 21.2.37 and can't go to 22.x currently because it conflicts with another pipeline's plugin. From the documentation, I take that it should…
  • FPR upload to SCC and download from SCC timeout problem

    Hi For only one project I have a problem (bellow error datails) I cant upload to SSC via Audit workbenck or Azure pipeline job and with after login SCC with Auditworkbenck I can not dowload and access the project. But before I could upload and I can…
  • Global Search box not working in SSC even after enabling global search in SSC configuration

    Hi, I have set up Fortify SSC version 22 on my test instance. After logging in I saw that Search box is disabled. So, I have put the application in maintenance mode, enabled Global search, specified the location in text box and continued with database…
  • AnalysisUploadToken not working even before DaysToLive is completed

    Hi, I have created AnalysisUploadToken in SSC and using it with fortifyclient for fpr upload. But even before the DaysToLive is reached, the token is not working for upload. I have verified the serviceContext.xml (webapps/ssc/WEB-INF/internal/serviceContext…
  • Seed bundle fails

    Hi, I wanted to upgrade my Fortify 18.2(Oracle 12c) to 22.2.0 (Oracle 19c). To test the same, 1. I have put the SSC test instance (Fortify 22.2) in maintenance mode 2. I have installed Fortify 22 in a test machine with Oracle 19c and copied the…
  • -ignoreAnalysisDates ignored when merging FPRs with FPRUtility tool.

    Hello, I am trying to merge two FPR files with the FPRUtility tool. I have a file with analysis date let's say today at 8AM (with 4 issues), and another FPR file with analysis date at 10AM (with 0 issues). I would like to merge these two files, specifying…
  • Reset admin password for Fortify 22.2

    Hi, I have configured Fortifity SSC 22.2.0 in a stage machine but am unable to login. I verified the log file ssc.log in fortify home directory. The below error is shown - /ssc/j_spring_security_check [WARN] com.fortify.manager.security.CustomLoggerListener…
  • Artifacts stuck in Purging status

    I have several artifacts that are stuck with a status of Purging. How can I get these artifacts to finish their process?
  • DAST scan cannot be performed

    Hi all, I would like to try to scan DAST using URL Zero Web App manually directly in the DAST scancentral on the SSC dashboard, and for Fortify version I am using version 22.2. I have adjusted the scanning configuration settings according to my needs…
  • SSC upgrade issue with TOMCAT 9 in LINUX

    Hi everybody! We are trying to upgrade SSC from version 20.1 and in our first step we have been able to execute setup wizard with SSC.WAR, but finally startup has failed and TOMCAT cannot deploy SSC application correctly. Our initial environment is…
  • Can we force delete artifacts from Fortify SSC for a particular application?

    Hi, I'm using Fortify SSC 18.2 version. When I tried to delete the artifact for an application, It says "Deleting" and it is never deleted. After that, again at a later point, I uploaded another artifact for which the upload command submitted but…
  • Is there anything like - disable the minification of js file on build for FORTIFY scan

    Hi, I have triggered a fortify scan on a set of files in war layout (files extracted from a war and then scan is triggered). And when I viewed the results in Audit in Fortify SSC, few are shown as minified js files. But the name is not *.min.js. The…
  • How to fix Access Control: Android Provider

    The code is simple, send ACTION_GET_CONTENT to let user pick an image, and in `onActivityResult`, call `intent.getData()` to get the uri, then query the something from content provider like `context.getContentResolver().query(uri)`, This is a very common…