Description
Fortify Software security center (SSC) enables teams with the application security program automation capabilities. It enables to manage, develop, and provide security for the software protection activities.
- Overview
- Documentation
- Version history
Quick Info
Product
HCL DevOps Velocity (HCL Accelerate)
Type
plugin
Compatibility
HCL Accelerate version 2.0.x or later
Created by
HCLSoftware
Website
Published Date
Last Updated
Summary
Usage
Configuration properties
Summary
Fortify Software security center (SSC) is a centralized management repository producing transparency to team’s full range of application security functionality for rectifying security threats across software platforms.
Usage
To use the Fortify SSC server plugin, the plugin must be loaded and an instance created before you can configure the plugin integration. You define configuration properties in the user interface.
Integration type
The Fortify SSC plugin supports scheduled events integration which is listed in the following table.
| Name | Description |
|---|---|
| fortifyScheduledEvents | The Fortify SSC plug-in processes incoming data from the Fortify SSC server. |
Integration
Use the user interface to integrate the plugin.
- From the Plugins page, click Settings > Integrations > Plugins.
- Under the Action column for the plugin, click Add Integration.
- On the Add Integration page enter the values for the fields used to configure the integration and define communication.
- Click Save.
See Configuration properties topic for the properties used to define the integration.
Configuration properties
The following tables describe the properties used to configure the integration.
- The General Configuration Properties table describes configuration properties used by all plugin integrations.
- The Fortify SSC Configuration Properties table describes the configuration properties that define the connection and communications with the Fortify server.
Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.
| Name | Description | Required | Property Name |
|---|---|---|---|
| NA | The version of the plugin that you want to use. To view available versions, click the Version History tab. If a value is not specified, the latest version is used. | No | image |
| Integration Name | An assigned name to the value stream. | Yes | name |
| Logging Level | The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. | No | loggingLevel |
| NA | List of configuration properties used to connect and communicate with the Redmine server. Enclose the properties within braces. | Yes | properties |
| The name of the tenant. | Yes | tenant_id | |
| NA | Unique identifier assigned to the plugin. The value for the Redmine plugin is ucv-ext-fortify-ssc. |
Yes | type |
| HCL Accelerate User Access Key | The auto-generated User Access Key that the containerized plugin will use to communicate with HCL Accelerate (support starts with plugin v2.0.30 or later). | Yes | ucvAccessKey |
| Name | Type | Description | Required |
|---|---|---|---|
| URL | String | The URL of the Fortify SSC server. | Yes |
| token | String | The API key to authenticate with the Fortify SSC server. | Yes |
| Initial sync date | String | The date to pull data for the initial run. | No |
| User Access Key | Secure | The user access key to authenticate with HCL Accelerate server, prior to version 2.4.0. | No |
ucv-ext-fortify-ssc:1.0.19.tar
Uploaded: 22-Sep-2022 01:32
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-fortify-ssc:1.0.19
Release Notes
- Added WorkflowId: Under the hidden properties section of add integration page for the plugin a Workflow ID field is added. This field is optional and can be used to provide WorkflowId - the ID of a Value Stream (VSM )to which the vulnerability data is associated.
ucv-ext-fortify-ssc:1.0.18.tar
Uploaded: 24-Aug-2022 04:49
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-fortify-ssc:1.0.18
Release Notes
- Resolved Incorrect Count Issue: The count of Critical, High, Low, and Medium level issues in Application Vulnerabilities chart was incorrect in previous version of plugin.
- Changed Record Name: Previously record name in Application Vulnerabilities chart was equivalent to Application Name + Application version. Now the Application Name part has been removed from record name.
ucv-ext-fortify-ssc:1.0.16.tar
Uploaded: 22-Aug-2022 07:30
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-fortify-ssc:1.0.16
Release Notes
- Project Names Field Added: The Fortify SSC Plugin was syncing all project data. Added a field to provide a comma separated list of project names to sync data from. Due to a massive no. of projects, plugin was crashing.
- Removed Manual User Access Key: From current version onwards this plugin will only support Auto Generated User Access Key feature of HCL Accelerate.
- Initial Sync Date Field Added: Under the hidden properties section of add integration page for Fortify SSC plugin an Initial Sync Date field is added. This field is optional and can be used only for first sync.
ucv-ext-fortify-ssc:1.0.7.tar
Uploaded: 08-Jun-2022 06:55
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-fortify-ssc:1.0.7
Release Notes
- Reduced whitesource vulnerabilities
ucv-ext-fortify-ssc:1.0.1.tar
Uploaded: 24-Jan-2022 15:41
Pull Command
docker pull hclcr.io/accelerate/ucv-ext-fortify-ssc:1.0.1
Release Notes
- Initial Release