Installing Fortify Static Code Analyzer

To install Fortify Static Code Analyzer:

  1. Run the installer file for your operating system to start the Fortify Static Code Analyzer Setup Wizard:

    • Windows: Fortify_SCA_<version>_windows_x64.exe
    • Linux: Fortify_SCA_<version>_linux_x64.run

    • macOS: Fortify_SCA_<version>_osx_x64.app.zip

    • AIX: Fortify_SCA_<version>_aix_x64.run

    • Solaris: Fortify_SCA_<version>_solaris_x86.run or Fortify_SCA_<version>_solaris10_sparc.run

    where <version> is the software release version, and then click Next.

  2. Review and accept the license agreement, and then click Next.

  3. (Optional) Select the components to install, and then click Next.

  4. If the installer detects that the system does not include the minimum software required to analyze some types of projects, a System Requirements page displays any missing requirements and which projects require them.

    See the Fortify Software System Requirements document for all software requirements.

  5. Choose where to install Fortify Static Code Analyzer, and then click Next.

    Important! Do not install Fortify Static Code Analyzer in the same directory where Fortify Applications and Tools is installed.

    Note: If you will include Micro Focus Fortify ScanCentral SAST with the installation, you must specify a location that does not include spaces in the path.

  6. Specify the path to the fortify.license file, and then click Next.

  7. (Optional) On the LIM License page, select Yes to use the Fortify License and Infrastructure Manager (LIM) for managing your concurrent licenses, and then click Next.

    Note: When Fortify Static Code Analyzer performs a task that requires a license, Fortify Static Code Analyzer will attempt to acquire a LIM lease from the license pool. If Fortify Static Code Analyzer fails to acquire a license due to a communication issue with the LIM server, it will use the Fortify license file. To change this behavior, use the com.fortify.sca.lim.WaitForInitialLicense in the fortify-sca.properties file (see LIM License Properties).

    1. Type the LIM API URL, the license pool name, and the pool password.

    2. Click Next. The LIM Proxy Settings page opens.

    3. If connection to the LIM server requires a proxy server, type the proxy host (hostname or IP address of your proxy server) and optionally a port number.

    4. Click Next.

  8. Specify the settings required to update your Fortify security content.

    To update the security content for your installation:

    Note: For deployment environments that do not have access to the Internet during installation, you can update the security content using the fortifyupdate command-line tool. See Manually Installing Fortify Security Content.

    1. Type the URL of the update server. To use the Fortify Rulepack update server for security content updates, keep the URL as: https://update.fortify.com. You can also use Micro Focus Fortify Software Security Center as the update server.

    2. (Optional) If connection to the update server requires a proxy server, type the proxy host and port number.

    3. If you want to update the security content manually, clear the Update security content after installation check box.

    4. Click Next.

  9. Specify if you want to migrate from a previous installation of Fortify Static Code Analyzer on your system.

    Migrating from a previous Fortify Static Code Analyzer installation preserves Fortify Static Code Analyzer artifact files. For more information, see About Upgrading Fortify Static Code Analyzer.

    Note: You can also migrate Fortify Static Code Analyzer artifacts using the scapostinstall command-line tool. For information on how to use the post-install tool to migrate from a previous Fortify Static Code Analyzer installation, see Migrating Properties Files.

    To migrate artifacts from a previous installation:

    1. In the Static Code Analyzer Migration page, select Yes, and then click Next.
    2. Specify the location of the existing Fortify Static Code Analyzer installation on your system, and then click Next.

    To skip migration of artifacts from a previous release, leave the Static Code Analyzer Migration selection set to No, and then click Next.

  10. Click Next on the Ready to Install page to install Fortify Static Code Analyzer, any selected components, and Fortify security content.

    If you selected to update security content, the Security Content Update Result window displays the security content update results.

  11. Click Finish to close the Fortify Static Code Analyzer Setup Wizard.