Fortify By Opentext

OpenText™ Fortify™ On Demand is an AppSec as a service offering complete with essential tools, training, AppSec management, and integrations, so you can easily create, supplement, and expand your software security assurance program. It supports secure development through continuous feedback to the developer’s desktop at DevOps speed and scalable security testing embedded into the development tool chain.

Integration Method: API

Tables: Vulnerability Findings, Detection Findings

Events: Vulnerabilities

Integration has been tested against fortify by OpenText API version V3.

Fortify Configuration

1. Login to the Fortify console

2. Navigate to Administration

3. Navigate to Settings and then to API

4. Click on the ADD KEY button.

5. Add Name and Role of the key and make sure you authorize app to use API

6. Copy and store the Secret Key and API KEY from the list

DataBee Configuration

1. To configure the Data Source, login into the Databee UI, navigate to Data and click on Add New Data Source.

2. Search for Fortify, and click on it.

3. Choose API Ingest as the method of data ingestions

4. Configure general data source information and click Next

5. In the next configuration page, enter the following information

• Authorization Method: OAuth2

• Client Key: Enter the previously saved API Key

• Secret Key: Enter the previously saved Secret

Replace the <instant> and <tenant> in API URLs and Token URL fields with your tenant information.

The <instance> and <tenant> depend on where the tenant is hosted. If you are unsure, contact the OpenText support team

Event Samples

Vulnerabilities
{
   "items": [
     {
       "id": 0,
       "releaseId": 0,
       "fisma": "string",
       "severityString": "string",
       "severity": 0,
       "category": "string",
       "kingdom": "string",
       "owasp2004": "string",
       "owasp2007": "string",
       "owasp2010": "string",
       "owasp2013": "string",
       "owasp2017": "string",
       "owasp2021": "string",
       "owaspAsvs4_0": "string",
       "cwe": "string",
       "package": "string",
       "primaryLocation": "string",
       "vulnId": "string",
       "analysisType": "string",
       "lineNumber": 0,
       "hasComments": true,
       "assignedUser": "string",
       "scantype": "string",
       "subtype": "string",
       "primaryLocationFull": "string",
       "hasAttachments": true,
       "pci1_1": "string",
       "pci1_2": "string",
       "pci2": "string",
       "sans2009": "string",
       "sans2010": "string",
       "sans2011": "string",
       "wasc24_2": "string",
       "isSuppressed": true,
       "suppressedBy": "string",
       "scanId": 0,
       "pci3": "string",
       "pci4": "string",
       "pcissf1": "string",
       "stig5": "string",
       "instanceId": "string",
       "auditPendingAuditorStatus": "string",
       "auditorStatus": "string",
       "checkId": "string",
       "closedDate": "2024-08-22T08:15:31.863Z",
       "closedStatus": true,
       "developerStatus": "string",
       "falsePositiveChallenge": "string",
       "introducedDate": "string",
       "scanStartedDate": "2024-08-22T08:15:31.863Z",
       "scanCompletedDate": "2024-08-22T08:15:31.863Z",
       "status": "string",
       "bugSubmitted": true,
       "bugLink": "string",
       "auditPendingSuppression": "string",
       "source": "string",
       "sink": "string",
       "timeToFixDays": 0
     }
   ],
   "filters": [
     {
       "fieldName": "string",
       "fieldFilterValues": [
         {
           "value": "string",
           "count": 0
         }
       ],
       "displayName": "string"
     }
   ],
   "totalCount": 0,
   "isRepositoryUpdating": true,
   "offset": 0,
   "limit": 0
 }

Releases
{
   "items": [
     {
       "releaseId": 0,
       "releaseName": "string",
       "releaseDescription": "string",
       "suspended": true,
       "releaseCreatedDate": "2024-08-22T08:15:31.793Z",
       "microserviceName": "string",
       "microserviceId": 0,
       "applicationId": 0,
       "applicationName": "string",
       "currentAnalysisStatusTypeId": 0,
       "currentAnalysisStatusType": "string",
       "rating": 0,
       "critical": 0,
       "high": 0,
       "medium": 0,
       "low": 0,
       "staticCritical": 0,
       "staticHigh": 0,
       "staticMedium": 0,
       "staticLow": 0,
       "dynamicCritical": 0,
       "dynamicHigh": 0,
       "dynamicMedium": 0,
       "dynamicLow": 0,
       "mobileCritical": 0,
       "mobileHigh": 0,
       "mobileMedium": 0,
       "mobileLow": 0,
       "currentStaticScanId": 0,
       "currentDynamicScanId": 0,
       "currentMobileScanId": 0,
       "staticAnalysisStatusType": "string",
       "dynamicAnalysisStatusType": "string",
       "mobileAnalysisStatusType": "string",
       "staticAnalysisStatusTypeId": 0,
       "dynamicAnalysisStatusTypeId": 0,
       "mobileAnalysisStatusTypeId": 0,
       "staticScanDate": "2024-08-22T08:15:31.793Z",
       "dynamicScanDate": "2024-08-22T08:15:31.793Z",
       "mobileScanDate": "2024-08-22T08:15:31.793Z",
       "issueCount": 0,
       "isPassed": true,
       "passFailReasonTypeId": 0,
       "passFailReasonType": "string",
       "sdlcStatusTypeId": 0,
       "sdlcStatusType": "string",
       "ownerId": 0,
       "IsDebrickedScanEnabled": true,
       "attributes": [
         {
           "name": "string",
           "id": 0,
           "value": "string"
         }
       ]
     }
   ],
   "totalCount": 0,
   "offset": 0,
   "limit": 0
}