Adding a Fortify ScanCentral DAST Assessment task
Use the Fortify ScanCentral DAST Assessment task to perform a scan of your Web application as part of your build. After you run the build and the scan is complete, the scan results are available in Fortify Software Security Center. For more information about configuring and using Fortify ScanCentral DAST, see OpenText™ Fortify ScanCentral DAST Configuration and Usage Guide in Fortify ScanCentral DAST Documentation for versions 20.2.0 and later.
To configure a Fortify ScanCentral DAST Assessment task:
In an Azure DevOps project, navigate to your existing build pipeline.
- Click Edit.
Find and add the Fortify ScanCentral DAST Assessment task.
Provide the information described in the following table.
Field Description ScanCentral DAST API URL Specify the URL and port where the DAST API service runs in the format
<protocol>://<DAST_API_hostname>:<port>/apior<protocol>://<DAST_API_IP_address>:<port>/api.CI/CD identifier Specify a scan settings identifier GUID. This is also known as the Settings Identifier.
SSC continuous integration token Specify an Azure DevOps variable that contains the decoded value of a Fortify Software Security Center authentication token of type CIToken.
Overrides (Optional) Fortify ScanCentral DAST scan setting overrides (JSON format).