Downloading and unpacking Application Security files 


Acquire the installation package and the fortify.license file from the Software Licenses and Downloads (SLD) portal. A helpful how-to video on YouTube™, OpenText Software Fulfillment Training playlist, also provides instructions on how to download OpenText Application Security Software.

To unpack the Application Security installation files:

  1. Extract the contents of the installation package into a temporary directory in a secure location.

  2. Locate the distribution file (Fortify_<version>_Server_WAR_Tomcat.zip) and extract all the contents into a directory in a secure location.

    This includes the ssc.war file, which contains the resources and tools you need for tasks such as configuring Application Security and migrating applications from previous versions.

    The directory into which you extract the distribution file content is referred to in all topics as the <ssc_distribution_dir> directory.

  3. Copy the seed bundle files from the srg_content directory in the temporary directory to the <ssc_distribution_dir> directory. Do not unzip the seed bundle files.

    Although you are not required to copy the resource files to the <ssc_distribution_dir> directory, the procedures in this document assume that you saved the files to that location.

    The seed bundles are described in the following table.

    Seed bundle file name

    Description

    Fortify_Process_Seed_Bundle-2025_Q2_<build>.zipProcess template seed bundle used to seed database tables. It provides a default admin user account and issue template data.
    Fortify_Report_Seed_Bundle-2025_Q2_<build>.zip

    Report seed bundle used to seed database tables. It provides the default set of reports.

    Fortify_PCI_Basic_Seed_Bundle-2025_Q2_<build>.zip

    (Optional) The PCI basic seed bundle adds a Payment Card Industry (PCI) Data Security Standard (DSS) process template and its associated report to the default set of issue templates and reports. After October 2022, the PCI Software Security Framework (SSF) became the standard for evaluation. Use the PCI SSF basic seed bundle to learn how software security issues can affect evaluation under the PCI SSF standards.

    Fortify_PCI_SSF_Basic_Seed_Bundle-2025_Q2_<build>.zip

    (Optional) The PCI SSF basic seed bundle adds a Payment Card Industry (PCI) Software Security Framework (SSF) process template and its associated report to the default set of issue templates and reports. PCI SSF was introduced in June 2019 as a set of new standards to evaluate systems developed by payment software vendors. After October 2022, the PCI Software Security Framework (SSF) became the standard for evaluation. Use the PCI basic seed bundle for evaluation under PCI DSS.

  4. Copy the fortify.license file to the <ssc_distribution_dir> directory.

See Also

High-level deployment tasks