Specifying how the Controller maps scan requests to sensor pools
The pool_mapping_mode property in the config.properties file determines how the Controller maps scan requests to sensor pools. The valid values for the pool_mapping_mode property are:
disabled—In this mode, a Fortify ScanCentral SAST client requests a specific sensor pool when it submits a scan request. Otherwise, the default pool is used. For details, see the following table.
enabled—In this mode, if a scan request is associated with an application version in Fortify Software Security Center, the Controller queries Fortify Software Security Center to determine the sensor pool assigned to the application version. Alternatively, a client can request a specific sensor pool when it submits a scan request. A client request for a specific sensor pool takes precedence over a query from the Controller. Sensors in the default sensor pool run scan requests that are not associated with an application version (and no specific pool is requested on the Fortify ScanCentral SAST client command line).
enforced—As with the enabled mode, if a scan request is associated with an application version in Fortify Software Security Center, the Controller queries Fortify Software Security Center for the sensor pool to use for the application version. Otherwise, the Controller targets the default sensor pool for scan requests. A Fortify ScanCentral SAST client cannot request a specific sensor pool in the enforced mode.
If ssc_lockdown_mode is enabled, then the pool_mapping_mode is automatically set to enforced and the value set for pool_mapping_mode in the config.properties file is ignored.
The following table shows how the Fortify Software Security Center integration with Fortify ScanCentral SAST responds to different input when the pool_mapping_mode is set to disabled, enabled, or enforced.
By default, in enabled and enforced modes, all application versions are assigned to the default sensor pool.
| Input | Disabled | Enabled | Enforced |
|---|---|---|---|
| No pool or version specified | Default sensor pool | Default sensor pool | Default sensor pool |
| Specific sensor pool (only) specified | Requested sensor pool | Requested sensor pool | Denied |
| Application version (only) specified | Default sensor pool | SSC-assigned pool | SSC-assigned pool |
| Invalid sensor pool (only) specified | Denied | Denied | Denied |
| Invalid application version (only) specified | Denied | Denied | Denied |
| Valid sensor pool and application version specified | Requested sensor pool | Requested sensor pool | Denied |
| Invalid sensor pool and valid application version specified | Denied | Denied | Denied |
| Valid sensor pool but invalid application version specified | Denied | Denied | Denied |
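
The rules above and the table can be expressed as one decision function, including the ssc_lockdown_mode override. This is an added model for reasoning about a configuration, not Fortify code; the pool names, version identifiers, and function names are constructed for illustration.

```python
# Added model of the documented pool-mapping rules; not the Controller's code.
DEFAULT_POOL = "default"   # assumed name standing in for the default sensor pool
DENIED = None              # represents a denied scan request

def effective_mode(pool_mapping_mode, ssc_lockdown_mode=False):
    """Return the mode the Controller actually applies."""
    # With lockdown on, the value in config.properties is ignored.
    if ssc_lockdown_mode:
        return "enforced"
    if pool_mapping_mode not in ("disabled", "enabled", "enforced"):
        raise ValueError("invalid pool_mapping_mode: %r" % pool_mapping_mode)
    return pool_mapping_mode

def resolve_pool(pool_mapping_mode, known_pools, ssc_assignments,
                 pool=None, version=None, ssc_lockdown_mode=False):
    """Return the pool a scan request lands in, or DENIED.

    known_pools     -- set of valid sensor pool names
    ssc_assignments -- dict: valid application version -> SSC-assigned pool
    pool, version   -- what the client supplied (None if not specified)
    """
    mode = effective_mode(pool_mapping_mode, ssc_lockdown_mode)
    # An invalid pool or application version is denied in every mode.
    if pool is not None and pool not in known_pools:
        return DENIED
    if version is not None and version not in ssc_assignments:
        return DENIED
    # A client-requested pool wins over the SSC query, except in enforced
    # mode, where clients cannot request a pool at all.
    if pool is not None:
        return DENIED if mode == "enforced" else pool
    # The Controller queries SSC only in enabled and enforced modes.
    if version is not None and mode != "disabled":
        return ssc_assignments[version]
    return DEFAULT_POOL

# Constructed sample data.
POOLS = {"default", "pool-a", "pool-b"}
SSC = {"app-v1": "pool-a"}

if __name__ == "__main__":
    for mode in ("disabled", "enabled", "enforced"):
        print(mode, resolve_pool(mode, POOLS, SSC, pool="pool-b", version="app-v1"))
```
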