Updating Security Content

To optimize the Fortify Eclipse Complete Plugin functionality to scan with OpenText SAST, you must have up-to-date security content. You can update Fortify security content from a configured server or from your local system.

To update security content:

1. Select Fortify > Options.

2. In the left pane, select Security Content Management.

   
   ​
   Scroll to the bottom of the Installed Fortify Security Content list to see the external mappings.

   Any custom rules and custom external mappings appear in the Installed Custom Security Content list.

3. You must provide the location of a locally installed OpenText SAST. If the Fortify Executable Path shows <Unavailable>, do the following:

   1. Click Browse to the right of Fortify Executable Path.

   2. Go to the OpenText SAST installation directory and select the executable file.

      Make sure to set the file type to sourceanalyzer executable.

   3. Click OK.

4. To update Fortify security content from a server, do the following:

   1. (Optional) From the Locale list, select a language.

      OpenText provides security content in English, Simplified Chinese, Traditional Chinese, Japanese, Korean, Spanish, or Brazilian Portuguese. Issue descriptions and recommendations are available in the selected language and the Fortify categories are in English.

   2. Click Update.

5. To update Fortify security content from your local system, under Update Security Content from Local System, do the following:

   1. Click Fortify Security Content.

   2. Navigate to a Fortify security content ZIP file, and then click Open.

All existing security content is replaced with the selected Fortify security content. Any existing custom security content is unchanged.

See Also

Importing Custom Security Content

Configuring Security Content Updates