Comments (11)
Every application/version in Fortify SSC has a dedicated ID. This ID is used when integrating SSC with external systems (including Audit Workbench - you just don't see it as it's transparent).
To obtain it, execute:
fortifyclient listApplicationVersions -url https://fortify.example.com/ssc -user myusername
Change https://fortify.example.com/ssc
to the URL of your server and specify a valid username. This will display a list of all applications including their name, version, and ID. Use this ID when integrating SSC with DT.
from fortify-ssc-plugin.
This will display a list of all applications including their name, version, and ID. Use this ID when integrating SSC with DT.
Assume we need to obtain the ID without using fortify client. Where after login is the mentioned application.id in SSC web interface? In Application section one can see Application, Version, State, Description and Created columns.
from fortify-ssc-plugin.
You should see something like /ssc/version/x
in the URL where x is the application version id.
from fortify-ssc-plugin.
Hello @stevespringett ,
we are also kind of stuck in the integration part of Fortify SSC with Dependency Tracker(DT)
we know the fortify application and we know the application ID too, but when it comes to the configuration part in DT we are not able to get it working
below are my sample application details
Fortify application name: ABC
fortify application ID: 123
can you please help me to fill in the below data?
Attribute Value
Group Name _____________ ?
Property Name _____________ ?
Property Value _____________ ?
Property Type _____________ ?
I feel the documentation, especially when it comes to the Per-project configuration not clear. https://docs.dependencytrack.org/integrations/fortify-ssc/
and also would like to know once we have added the Fortify SSC details in the integration section in DT how do we validate it like "Test connection" I don't see an option like that.
can you help me with the above queries?
Best Regards,
Sachin
from fortify-ssc-plugin.
from fortify-ssc-plugin.
Thanks @stevespringett for confirming the values.
I can say that my dependency tracker project properties have the correct values.
watched the video which is posted at https://www.youtube.com/watch?v=RffZFteIhLA
but still, I'm not seeing my DT report getting uploaded to Fortify SSC.
I have generated a CI token in Fortify SSC and the same has been passed in the DT fortify integration section, but the connection seems to be not happening.
Any suggestion on that? how can I verify the connectivity of Fortify SSC and DT ? do I need to restart my Fortify SSC once the Dependency tracker parser plugin is installed to get this working?
from fortify-ssc-plugin.
Did you happen to restart DT after configuring Fortify SSC in the admin interface? This is a requirement and the UI should display a message stating that a restart is required for changes to take effect.
from fortify-ssc-plugin.
Oh @stevespringett , I haven't restarted the DT, what is the best way to restart the DT?
(sorry I couldn't find any doc on how to restart the DT)
My DT is a container-based setup.
from fortify-ssc-plugin.
what is the best way to restart the DT?
Assuming you're using Docker Compose, then you would need to execute the following commands in the same directory as the Dependency-Track docker-compose.yml file resides
docker-compose down
docker-compose up -d
If you're using Docker Swarm, K8s, or something else, you'll need to refer to those platform specific docs on how to restart containers.
from fortify-ssc-plugin.
Finally some good news.! @stevespringett 🙂
I just restarted my DT docker container as
#docker container restart 11111111
now I'm able to see my DT reports (in .json format) are properly getting populated in the Fortify SSC application.
Once again thanks a lot @stevespringett for your timely response on this, Much appreciated!
from fortify-ssc-plugin.
Glad its working. Closing.
from fortify-ssc-plugin.
Related Issues (5)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from fortify-ssc-plugin.