Overview
About Fortify SAST
Fortify SAST pinpoints the root cause of security vulnerabilities in the source code, prioritizes the most serious issues, and provides detailed guidance on how to fix them. Plus, centralized software security management helps developers resolve issues in less time.
Why integrate Fortify SAST into the Vulcan platform?
The Fortify SAST Connector by Vulcan integrates with the Fortify Software Security Center platform to pull and ingest assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.
Fortify SAST Connector Details
Supported products | |
Category | Application Security SAST |
Ingested asset type(s) | Code Projects |
Integration type | Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest). Fortify SAST on-prem is not supported. |
Connector Setup
Prerequisites and user permissions
Generate API ID and Secret Keys
Access your Fortify SAST account by logging in with your credentials. Ensure you have administrative access to proceed with the setup.
Go to the Administration section > Settings > API
Click on Add Key to initiate the creation of a new API key.
In the provided fields, enter a name for the application in the Application Name section. Choose a name that reflects its connection with Vulcan Cyber.
Select the role of Start Scans from the list of available roles. This role enables the application to initiate scans via the API.
Ensure you enable API authorization by checking the Authorize app to use API option.
After filling out all necessary information, click Save to finalize the creation of the API key.
Upon saving, copy the Secret Code presented to you. Make sure to store it in a secure location as it is critical for integration and won't be displayed again.
Similarly, copy the API Key for the application. This key, along with the secret code, will be required for the integration with Vulcan Cyber.
Configuring the Fortify SAST Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Fortify SAST icon.
Set up the Connector as follows:
Select the relevant Data Center (USA, EMEA, APAC, FedRAMP, or TRIAL).
Insert the Client API and Secret IDs (the API Key and Secret Code you generated earlier).
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Fortify SAST instance, then click Create (or Save Changes).
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the Fortify SAST icon shows Connected, the sync is complete.
Fortify SAST in the Vulcan Platform
Viewing Fortify SAST vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector:
Go to the Vulnerabilities page.
Click on Filter and set the condition to Vulnerability > Connector is Fortify SAST.
You can add more filters to narrow down your search further.
See the complete list of available vulnerability filters. Click on a vulnerability for more vulnerability details.
Viewing Fortify SAST assets in the Vulcan Platform
To view assets by Connector:
Go to the Assets page > Code Projects
Click on Filter and set the condition to Assets > Connector is Fortify SAST.
You can add more filters to narrow down your search further.
See the complete list of available asset filters. Click on any asset for more asset details.
Taking Action on vulnerabilities and assets detected by Fortify SAST
To take remediation action on vulnerabilities and assets detected by Fortify SAST:
Go to the Vulnerabilities or Assets page.
Use the Filter to filter vulnerabilities by the Fortify SAST connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.
Select the relevant vulnerabilities/assets from the results list.
Click on Take Action to proceed with remediation or further actions.
Automating remediation actions on vulnerabilities detected by Fortify SAST
Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.