Upgrading ScanCentral SAST Sensors

Important! If Fortify Static Code Analyzer and applications is installed in a location that requires that you have administrator privileges to modify it (for example, program files), in order to update a sensor, you must start it with administrator privileges. Otherwise, the sensor cannot write files to disk. If auto-update is enabled, major updates on standalone clients must finish successfully before the sensor can start. With auto-update enabled, patch updates allow sensors and clients to start unless the upgrade fails.

To upgrade your ScanCentral SAST sensorsClosed Distributed network of computers set up to receive Fortify Static Code Analyzer mobile build sessions and scan instructions (or project packages with translation and scan instructions) from the ScanCentral SAST clients and scan code using Fortify Static Code Analyzer. If your applications are written in a supported language, the sensors can also perform the translation phase. of the analysis. (on Windows or Linux), you can either install the latest version of Fortify Static Code Analyzer, or unzip the Fortify_ScanCentral_Client_<version>_x64.zip file. You can use the clientClosed Requesting program or user in a client/server relationship. For example, the user of a web browser is effectively making client requests for pages from servers all over the web. The browser itself is a client in its relationship with the computer that is getting and returning the requested HTML file. The computer handling the request and sending back the HTML file is a server.-only approach if you will plan only to use remote translation and analysis workflows. Local translation requires a local Fortify Static Code Analyzer installation. You can also find the ScanCentral SAST client inside the Fortify_ScanCentral_Controller_<version>_x64.zip file in the tomcat/client/scancentral.zip directory.

Tip: You can configure automatic upgrades of both ScanCentral SAST sensors and clients. For details, see Enabling and Disabling Auto-Updates of Clients and Sensors.

To upgrade sensors by installing or upgrading Fortify Static Code Analyzer:

  1. Stop all sensors from running.

  2. Go to the Micro Focus Software Licenses and Downloads (SLD) portal(https://sld.microfocus.com) and download the installer file for your operating system:

    Windows: Fortify_SCA_and_Apps_<version>_windows_x64.exe

    Linux: Fortify_SCA_and_Apps_<version>_linux_x64.run

    Note: For detailed instructions on how to download Micro Focus Software, see https://www.brainshark.com/mfLD/vu?pi=zFszsRA7ezW1H3z0&nodesktopflash=1.

  3. Install or upgrade Fortify Static Code Analyzer based on the instructions provided in the Micro Focus Fortify Static Code Analyzer User Guide.
  4. Check the <sca_install_dir>/Core/config directory to make sure that the worker.properties file resides there.

  5. Add the following property to the worker.properties file:

    worker_auth_token=<value_set_in_controller_configuration>
  6. Specify either a clear text password, or an encrypted shared secret (password the Controller uses to communicate with the sensor) as the worker.properties value. For information about how to generate an encrypted shared secret, see Encrypting the Shared Secret on a Sensor.
  7. Save the worker.properties file.
  8. Start the sensors.

See Also

Enabling and Disabling Auto-Updates of Clients and Sensors

Creating ScanCentral SAST Sensors

Installing ScanCentral SAST Clients

About Upgrading ScanCentral SAST Components

Upgrading the ScanCentral SAST Controller