Enabling OpenText SAST and OpenText Application Security Tools upgrades from Fortify Audit Workbench

Anyone using Fortify Audit Workbench can check on the availability of new OpenText SAST and OpenText Application Security Tools version from Fortify Audit Workbench. If a version newer than the one installed is available, the user can download it and upgrade the local instance. A Fortify Audit Workbench user can also configure Fortify Audit Workbench to check for, download, and install new versions automatically at startup.

To enable this functionality for Fortify Audit Workbench users, an Administrator must first set up the auto upgrade capability on the Application Security host machine.

To make new OpenText SAST and OpenText Application Security Tools installers available to Fortify Audit Workbench users for upgrades:

  1. On the Application Security host, open the <ssc_deploy_dir>/WEB-INF/internal/securityContext.xml file in a text editor.

  2. Locate and uncomment the following line:

    <!-- <security:intercept-url pattern="/update-site/**" 
access="PERM_ANONYMOUS"/> -->
  3. Save and close the securityContext.xml file.

  4. Copy the OpenText_SAST_<version> or OpenText_Application_Security_Tools_<version> installer files to the <ssc_deploy_dir>/update-site/installers/ directory.

  5. In the <ssc_deploy_dir>/update-site/installers/ directory, create an update XML file for each product you want to update:

    1. To enable OpenText SAST updates, create an update XML file (such as update-sast.xml) using the following example:

      <installerInformation> <versionId>2540</versionId> <!--The version of the installer file with periods removed--> <version>25.4.0</version> <!--The version of the installer file--> <platformFileList> <platformFile> <filename>OpenText_SAST_windows-x64_25.4.0.exe</filename> <platform>windows-x64</platform> </platformFile> <platformFile> <filename>OpenText_SAST_linux-x64_25.4.0.run</filename> <platform>linux-x64</platform> </platformFile> <platformFile> <filename>OpenText_SAST_osx-x64_25.4.0.app.zip</filename> <platform>osx</platform> </platformFile> </platformFileList> <downloadLocationList> <downloadLocation> <url>http://localhost:8080/update-site/installers/</url> </downloadLocation> </downloadLocationList>
</installerInformation>

    2. To enable OpenText Application Security Tools updates, create an update XML file (such as update-tools.xml) using the following example:

      <installerInformation> <versionId>2540</versionId> <!--The version of the installer file with periods removed--> <version>25.4.0</version> <!--The version of the installer file--> <platformFileList> <platformFile> <filename>OpenText_Application_Security_Tools_windows-x64_25.4.0.exe</filename> <platform>windows-x64</platform> </platformFile> <platformFile> <filename>OpenText_Application_Security_Tools_linux-x64_25.4.0.run</filename> <platform>linux-x64</platform> </platformFile> <platformFile> <filename>OpenText_Application_Security_Tools_osx-x64_25.4.0.app.zip</filename> <platform>osx</platform> </platformFile> </platformFileList> <downloadLocationList> <downloadLocation> <url>http://localhost:8080/update-site/installers/</url> </downloadLocation> </downloadLocationList>
</installerInformation>

  6. Restart Tomcat server.

For more information about the AutoUpdate tool used for the upgrade functionality, see the Install Builder User Guide.

Fortify Audit Workbench users can now check for and install new OpenText SAST or OpenText Application Security Tools versions. For information about how to perform the upgrades from Fortify Audit Workbench, see the OpenText™ Fortify Audit Workbench User Guide.