Enabling integration with Fortify ScanCentral SAST

OpenText SAST (Fortify Static Code Analyzer) users can use Fortify ScanCentral SAST to maximize their resource usage by offloading the processor-intensive scanning phase to a dedicated OpenText SAST scan farm. You can monitor Fortify ScanCentral SAST and display its results in Application Security. You can also create and manage sensor pools. To enable this functionality, you must configure the integration in Application Security.

For information about how to install, configure, and use Fortify ScanCentral SAST, see the OpenText™ Fortify ScanCentral SAST Installation, Configuration, and Usage Guide.

To configure the integration:

  1. Sign in to Application Security as an Administrator.
  2. On the header, select Administration.

  3. On the navigation pane, expand Configuration, and then select ScanCentral SAST.

  4. On the ScanCentral SAST page, select the Enable ScanCentral SAST check box.

  5. In the ScanCentral Controller URL box, type the URL for your Controller.

    The Controller must be the same or later version as Application Security.

  6. In the ScanCentral poll period (seconds) box, type the number of seconds to elapse between sessions of data polling from Fortify ScanCentral SAST.

  7. In the SSC and ScanCentral controller shared secret box, type the shared secret key (unencrypted) so that Application Security can request data from the Controller.

    If you use clear text, this string must match the value stored in the Controller config.properties file for the ssc_scancentral_ctrl_secret property.

    The Controller verifies the shared secret key when requested for administration console data.

  8. Click SAVE.
  9. Restart the Application Security server.

See Also

Fortify ScanCentral SAST permissions

Viewing Fortify ScanCentral SAST Controller information

About Fortify ScanCentral SAST sensor pools

Creating Fortify ScanCentral SAST sensor pools