Configuring Sensors to Use the Progress Command when Starting on Java

If you want to use the progress command to check the progress of your Fortify Static Code Analyzer scans, the following sensor configuration is required:

  1. Create a JMX access file, and add the following text to it:

    <user_role> readonly

    where <user_role> is text that represents something like a username.

  2. Create a JMX password file, and add the following text to it:

    <user_role> <password> readonly

    where <user_role> is the value you specified in the JMX access file.

  3. Run one of the following commands:

    • On Windows systems, run cacls jmxremote.password /P <username>:R
    • On Linux systems, run chmod 600 jmxremote.password

  4. Open the worker.properties file in a text editor, and then add the following properties to it:

    sca_jmx_port=<port>

    sca_jmx_access_file=<path_to_access_file>

    sca_jmx_password_file=<path_to_password_file>

    sca_jmx_password=<password>

    sca_jmx_user=<user_role>

    sca_jmx_auth=true

  5. Save and close the worker.properties file.

After you complete this configuration, ScanCentral SAST clients start on the specified port using JMX password authentication. Make sure that the port is not already bound.

Important! If you use sca_jmx_auth, you can start only one sensor. Any attempt to open a new Fortify Static Code Analyzer instance results in a bind port error. To have multiple sensors on a machine, you must have several ScanCentral SAST instances, each with its own worker.properties file.
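
The following is an added example, not part of the Fortify documentation: a POSIX shell check, assuming Linux (`stat -c`), that reads worker.properties and verifies that the settings from steps 1 through 4 agree with each other. The function names, the script name, and the permission check on worker.properties itself (which also holds the password in clear text) are assumptions that go beyond the page.

```shell
#!/bin/sh
# Added example: consistency check for the JMX settings in worker.properties.
# Assumes Linux (stat -c) and the file formats shown in steps 1, 2 and 4.

# prop FILE KEY: print the value of KEY from a .properties file
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_sensor_jmx WORKER_PROPERTIES: print findings, return 0 if there are none
check_sensor_jmx() {
    wp=$1; rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    user=$(prop "$wp" sca_jmx_user)
    pass=$(prop "$wp" sca_jmx_password)
    access=$(prop "$wp" sca_jmx_access_file)
    pwfile=$(prop "$wp" sca_jmx_password_file)
    port=$(prop "$wp" sca_jmx_port)

    [ "$(prop "$wp" sca_jmx_auth)" = "true" ] || fail "sca_jmx_auth is not true"
    [ -n "$user" ] || fail "sca_jmx_user is empty"
    case $port in ''|*[!0-9]*) fail "sca_jmx_port is not a number" ;; esac

    if [ -r "$access" ]; then
        awk -v u="$user" '$1==u && $2=="readonly"{ok=1} END{exit !ok}' "$access" ||
            fail "$user has no readonly entry in $access"
    else
        fail "access file missing: $access"
    fi

    if [ -r "$pwfile" ]; then
        # Step 3: only the owner may read the password file.
        [ "$(stat -c %a "$pwfile")" = "600" ] || fail "$pwfile is not mode 600"
        filepw=$(awk -v u="$user" '$1==u{print $2; exit}' "$pwfile")
        [ -n "$filepw" ] || fail "$user has no entry in $pwfile"
        [ "$filepw" = "$pass" ] || fail "sca_jmx_password does not match $pwfile"
    else
        fail "password file missing: $pwfile"
    fi

    # Assumption beyond the page: worker.properties also stores the password,
    # so it should not grant any access to group or other either.
    case $(stat -c %a "$wp") in *00) ;; *) fail "$wp grants access to group/other" ;; esac
    return $rc
}

# Run as: sh check_jmx.sh /path/to/worker.properties
[ $# -eq 0 ] || check_sensor_jmx "$1"
```

The script prints one FAIL line per finding and exits non-zero if any check fails, so it can run before the sensor is started.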