SSC settings

You can use the SSC settings to configure the connection between Fortify ScanCentral DAST and Fortify Software Security Center. Optionally, you can configure Kafka settings that provide a way for Fortify Software Security Center to message audit history changes to Fortify ScanCentral DAST.

Important guidelines for the service account

The service account that is configured with the ServiceAccountUserName and ServiceAccountPassword settings is used to integrate Fortify ScanCentral DAST with Fortify Software Security Center. Follow these guidelines when configuring the service account:

JSON example

The following example shows the SSC settings in a JSON file.

  "SSCSettings": {
    "SSCRootUrl": "http://<ip_address>:<port>/ssc",
    "ServiceAccountUserName": "<username>",
    "ServiceAccountPassword": "<password>",
    "KafkaSettings": {
      "IsEnabled": true,
      "BootstrapServers": "<broker1>,<broker2>,<broker3>",
      "FindingAuditGroupId": "<SCDAST_FindingAuditGroup>",
      "FindingAuditTopic": "<FindingAuditTopic>",
      "SecurityProtocolType": "SSL",
      "SSLSettings": {
        "CALocation": "/<directory_path>/<cert_name>.cer",
        "CertificateLocation": "/<directory_path>/<cert_name>.cer",
        "EnableSslCertificateVerification": true,
        "KeyLocation": "/<directory_path>/<cert_name>.key",
        "KeyPassword": "<password>"
      }
    }
  },

YAML example

The following example shows the SSC settings in a YAML file.

sSCSettings:
  sSCRootUrl: http://<hostname>:<port>/ssc
  serviceAccountUserName: <username>
  serviceAccountPassword: <password>
  kafkaSettings:
    isEnabled: true
    bootstrapServers: <broker1>,<broker2>,<broker3>
    findingAuditGroupId: <SCDAST_FindingAuditGroup>
    findingAuditTopic: <FindingAuditTopic>
    securityProtocolType: SSL
    sSLSettings:
      cALocation: /<directory_path>/<cert_name>.cer
      certificateLocation: /<directory_path>/<cert_name>.cer
      enableSslCertificateVerification: true
      keyLocation: /<directory_path>/<cert_name>.key
      keyPassword: <password>

Parameter descriptions

The following table describes the parameters for the SSC settings.

Parameter Description

SSCRootUrl

Required setting that specifies the URL for your Fortify Software Security Center application.

Important! You cannot use localhost for the Fortify Software Security Center URL. You must use a routable IP address or hostname.

Additionally, do not use a trailing slash (/) at the end of the URL.

ServiceAccountUserName

Required setting that identifies the user name under which Fortify ScanCentral DAST will communicate with Fortify Software Security Center. For more information, see Important guidelines for the service account.

ServiceAccountPassword

Required setting that identifies the password for the service account.

Tip: OpenText recommends using an encrypted password. You can encrypt the password with the encrypt command. For more information, see Encrypting values.

KafkaSettings

Optional settings that allow audit history changes in Fortify Software Security Center to sync with Fortify ScanCentral DAST.

IsEnabled – Indicates whether Fortify ScanCentral DAST will retrieve messages regarding changes to audit history in Fortify Software Security Center from the Kafka messaging system. Options are true and false.

If set to true, then you must also provide the following parameters:

  • BootstrapServers – Specifies a comma-separated list of brokers for the Fortify Software Security Center Kafka instance. Ask your Fortify Software Security Center administrator for these details.

  • FindingAuditGroupId – Identifies the Fortify Software Security Center Kafka group ID for Fortify ScanCentral DAST. This ID must be a string that is unique to Fortify ScanCentral DAST, and no other Kafka consumers should use this group ID.

  • FindingAuditTopic – Indicates the Fortify Software Security Center Kafka topic to be used for finding audit events. Ask your Fortify Software Security Center administrator for these details.

  • SecurityProtocolType – Indicates the security protocol used to communicate with brokers. Options are Plaintext and SSL.

    If SecurityProtocolType is SSL, then you must also provide the following parameters:

    • CALocation – Identifies the file or directory path to the CA certificate for verifying the broker's key.

      Tip: On Windows, the default location of the system's CA certificates is the Windows Root certificate store. On Mac OS X, the configuration defaults to probe. Install OpenSSL using Homebrew to provide CA certificates. On Linux, install the distribution's ca-certificates package. If OpenSSL is statically linked or ssl.ca.location is set to probe, a list of standard paths will be probed and the first one found will be used as the default CA certificate location path. If OpenSSL is dynamically linked, then the OpenSSL library's default path will be used.

    • CertificateLocation – Indicates the path to the client's public key (PEM) to use for authentication.

    • KeyLocation – Indicates the path to the client's private key (PEM) to use for authentication.

    • KeyPassword – Optionally, indicates the private key password.

      Important! OpenText recommends using an encrypted password. You can encrypt the password using the encrypt command. For more information, see Encrypting values.

    • EnableSslCertificateVerification – Indicates whether OpenSSL's built-in broker (server) certificate verification is enabled. Options are true and false.
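The rules in the parameter descriptions above (no localhost or trailing slash in SSCRootUrl, the parameters that become required when IsEnabled is true, and the SSL settings that become required when SecurityProtocolType is SSL) can be checked before a configuration is deployed. The following script is an added example and is not part of the Fortify product or its documentation; the file contents, host names and paths are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample that mirrors the JSON layout shown on this page (not a real deployment).
SAMPLE = json.loads("""{
  "SSCSettings": {
    "SSCRootUrl": "http://localhost:8080/ssc/",
    "ServiceAccountUserName": "scdast-svc",
    "ServiceAccountPassword": "changeme",
    "KafkaSettings": {
      "IsEnabled": true,
      "BootstrapServers": "kafka1:9093,kafka2:9093",
      "FindingAuditGroupId": "SCDAST_FindingAuditGroup",
      "FindingAuditTopic": "finding-audit",
      "SecurityProtocolType": "SSL",
      "SSLSettings": {
        "CALocation": "/etc/scdast/ca.cer",
        "CertificateLocation": "/etc/scdast/client.cer",
        "EnableSslCertificateVerification": false,
        "KeyLocation": "/etc/scdast/client.key"
      }
    }
  }
}""")

KAFKA_REQUIRED = ("BootstrapServers", "FindingAuditGroupId", "FindingAuditTopic", "SecurityProtocolType")
SSL_REQUIRED = ("CALocation", "CertificateLocation", "KeyLocation")  # KeyPassword is optional

def check_ssc_settings(cfg):
    """Return a list of findings for the SSCSettings block; an empty list means the block passes."""
    findings = []
    ssc = cfg.get("SSCSettings", {})
    for key in ("SSCRootUrl", "ServiceAccountUserName", "ServiceAccountPassword"):
        if not ssc.get(key):
            findings.append(f"{key}: required setting is missing")
    url = ssc.get("SSCRootUrl", "")
    if (urlparse(url).hostname or "") in ("localhost", "127.0.0.1", "::1"):
        findings.append("SSCRootUrl: localhost is not allowed; use a routable IP address or hostname")
    if url.endswith("/"):
        findings.append("SSCRootUrl: remove the trailing slash")
    kafka = ssc.get("KafkaSettings")
    if not kafka or not kafka.get("IsEnabled"):
        return findings  # Kafka integration is optional; nothing more to check
    for key in KAFKA_REQUIRED:
        if not kafka.get(key):
            findings.append(f"KafkaSettings.{key}: required when IsEnabled is true")
    proto = kafka.get("SecurityProtocolType", "")
    if proto not in ("Plaintext", "SSL"):
        findings.append(f"SecurityProtocolType: unsupported value {proto!r}")
    if proto == "SSL":
        ssl = kafka.get("SSLSettings", {})
        for key in SSL_REQUIRED:
            if not ssl.get(key):
                findings.append(f"SSLSettings.{key}: required when SecurityProtocolType is SSL")
        if ssl.get("EnableSslCertificateVerification") is not True:
            findings.append("SSLSettings.EnableSslCertificateVerification: broker certificate verification is off")
    return findings
```

Run against the constructed sample it reports the localhost URL, the trailing slash and the disabled broker certificate verification; the same function returns an empty list once those three settings are corrected.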