Using the Fortify Static Code Analyzer Install task

The Fortify Static Code Analyzer Install task automatically installs and configures Fortify Static Code Analyzer on the target agents.

Perform this install task one time for each agent (or when you upgrade to a new version of Fortify Static Code Analyzer). OpenText recommends that you create a build definition dedicated to setting up agents. You must target this build step to each agent you plan to enable in your build pool.

Before you use the Fortify Static Code Analyzer Install task:

  • Make sure that you can successfully build your application on the agent where you are installing Fortify Static Code Analyzer.

  • You must have both the Fortify Static Code Analyzer installer executable and the fortify.license file available using an addressable file path on the agent.

  • Make sure that the agent's work directory is close to the root to avoid issues with the Windows maximum path length limitation (MAX_PATH).

This task can:

  • Install Fortify Static Code Analyzer unless it is already installed.
  • Configure the installation with a user-provided fortify.license file.
  • Automatically download the Fortify ScanCentral SAST client from the Controller.
  • Install the latest Fortify Security Content allowed by the Fortify license.

To configure the Fortify Static Code Analyzer install task:

  1. In an Azure DevOps project, navigate to your existing build pipeline.

  2. Click Edit.

  3. Find and add the Fortify Static Code Analyzer Install task.

  4. Provide the information described in the following table.

    Field Description
    Display name

    Type a name for the task.
    Fortify SCA installer path

    Type the full path to the Fortify Static Code Analyzer installer on the agent. For example, C:\<location_on_agent>\OpenText_SAST_Fortify_windows-x64_<version>.exe.
    Fortify SCA license file

    Type the full path to the fortify.license file on the agent. For example, C:\<location_on_agent>\fortify.license.

    Update Fortify Security Content

    		 (Optional) Select whether to update the Fortify Security Content.
    Proxy host (Optional) Specifies a proxy host required for connection to the Fortify Rulepack update server.
    Proxy port (Optional) Specifies a proxy port required for connection to the Fortify Rulepack update server.