Updating Security Content

Use the fortifyupdate command-line tool to either download security content or import a local copy of the security content. This tool is located in the <sca_install_dir>/bin directory.

The default read timeout for this tool is 180 seconds. To change the timeout setting, add the rulepackupdate.SocketReadTimeoutSeconds property in the server.properties configuration file. For more information, see the Fortify Static Code Analyzer Applications and Tools Properties Reference Guide.

The basic command-line syntax for fortifyupdate is shown in the following example:

fortifyupdate [<options>]

To update your Fortify Static Code Analyzer installation with the latest Fortify Secure Coding Rulepacks and external metadata from the Fortify Rulepack update server, type the following command:

fortifyupdate

To update security content from the local system:

fortifyupdate -import <my_local_rules>.zip

To update security content from a Fortify Software Security Center server using credentials:

fortifyupdate -url <ssc_url> -sscUser <username> -sscPassword <password>