Proper project configuration in DT for SSC about fortify-ssc-plugin HOT 11 CLOSED

Every application/version in Fortify SSC has a dedicated ID. This ID is used when integrating SSC with external systems (including Audit Workbench - you just don't see it as it's transparent).

To obtain it, execute:

fortifyclient listApplicationVersions -url https://fortify.example.com/ssc -user myusername

Change https://fortify.example.com/ssc to the URL of your server and specify a valid username. This will display a list of all applications including their name, version, and ID. Use this ID when integrating SSC with DT.

from fortify-ssc-plugin.

This will display a list of all applications including their name, version, and ID. Use this ID when integrating SSC with DT.

Assume we need to obtain the ID without using fortify client. Where after login is the mentioned application.id in SSC web interface? In Application section one can see Application, Version, State, Description and Created columns.

from fortify-ssc-plugin.

You should see something like /ssc/version/x in the URL where x is the application version id.

from fortify-ssc-plugin.

Hello @stevespringett ,

we are also kind of stuck in the integration part of Fortify SSC with Dependency Tracker(DT)

we know the fortify application and we know the application ID too, but when it comes to the configuration part in DT we are not able to get it working

below are my sample application details

Fortify application name: ABC
fortify application ID: 123

can you please help me to fill in the below data?

Attribute Value
Group Name _____________ ?
Property Name _____________ ?
Property Value _____________ ?
Property Type _____________ ?

I feel the documentation, especially when it comes to the Per-project configuration not clear. https://docs.dependencytrack.org/integrations/fortify-ssc/

and also would like to know once we have added the Fortify SSC details in the integration section in DT how do we validate it like "Test connection" I don't see an option like that.

can you help me with the above queries?

Best Regards,
Sachin

from fortify-ssc-plugin.

from fortify-ssc-plugin.

Thanks @stevespringett for confirming the values.

I can say that my dependency tracker project properties have the correct values.

watched the video which is posted at https://www.youtube.com/watch?v=RffZFteIhLA

but still, I'm not seeing my DT report getting uploaded to Fortify SSC.

I have generated a CI token in Fortify SSC and the same has been passed in the DT fortify integration section, but the connection seems to be not happening.

Any suggestion on that? how can I verify the connectivity of Fortify SSC and DT ? do I need to restart my Fortify SSC once the Dependency tracker parser plugin is installed to get this working?

from fortify-ssc-plugin.

Did you happen to restart DT after configuring Fortify SSC in the admin interface? This is a requirement and the UI should display a message stating that a restart is required for changes to take effect.

from fortify-ssc-plugin.

Oh @stevespringett , I haven't restarted the DT, what is the best way to restart the DT?

(sorry I couldn't find any doc on how to restart the DT)

My DT is a container-based setup.

from fortify-ssc-plugin.

what is the best way to restart the DT?

Assuming you're using Docker Compose, then you would need to execute the following commands in the same directory as the Dependency-Track docker-compose.yml file resides

docker-compose down
docker-compose up -d

If you're using Docker Swarm, K8s, or something else, you'll need to refer to those platform specific docs on how to restart containers.

from fortify-ssc-plugin.

Finally some good news.! @stevespringett 🙂

I just restarted my DT docker container as

#docker container restart 11111111

now I'm able to see my DT reports (in .json format) are properly getting populated in the Fortify SSC application.

Once again thanks a lot @stevespringett for your timely response on this, Much appreciated!

from fortify-ssc-plugin.

Glad its working. Closing.

from fortify-ssc-plugin.