- 26 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Fortify By OpenText
- Updated on 26 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
OpenText™ Fortify™ On Demand is an AppSec as a service offering complete with essential tools, training, AppSec management, and integrations, supporting secure development through continuous feedback to the developer’s desktop. More information can be found at Fortify website.
Integration Method: API
Tables: Vulnerability Finding (2002), Detection Finding (2004)
This integration supports the following events.
Event | Description |
---|---|
Vulnerabilities | Returns the list of vulnerabilities. |
This integration supports the following versions.
Fortify Static Code Analyzer Software Version Tested | v24.4.x |
Fortify by OpenText API version Supported | v3.0 |
Prerequisites
Access to the Fortify By OpenText console for creating API keys.
Access to the DataBee console.
Configuration Overview
Generate an API key and Secret Key in the Fortify By OpenText console.
Add the Fortify By OpenText data feed in the DataBee below parameters parameters.
DataBee Parameter
Fortify by OpenText Parameter
API Base URL: <instance>,<tenant>
Client Key
Client Secret
Token URL: <instance>,<tenant>
Fortify by OpenText Configuration
Start by creating an API Token for the integration.
Verify your Fortify instance URL.
The Fortify Instance URL will vary based on where your Fortify Instance is hosted, please refer the table below.Example: if your Fortify setup instance is (trail) https://trial.fortify.com your <instance> and <tenant> are trial and fortify respectively. In case if you are still unsure, please reach out to Fortify administrator.
Login into Fortify console based on your Fortify instance and enter the ‘Username’, ‘Password’ and ‘Tenant’ details and click Log in.
Click on the Administration tab on top.
Navigate to settings in the left of the page.
Click on the API.
Click +ADD KEY.
Add ‘Name’ and Read Only ‘Role’ of the key and make sure you enable ‘Authorize app to use the API’ as shown below and click on SAVE.
Copy and store the ‘Secret Key’ somewhere safe as it will be required later. Then click CLOSE.
Note:
Make sure to copy and save the Secret Key as it will not be shown again.
Copy the API Key and store it for later use.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Fortify By OpenText Feed and click it as shown below.
Click on the API Ingest option for collection method as shown below.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: OAuth2
API Base URL: replace <instance>,<tenant> with your Fortify Instance URL.
Client Key: paste the API Key generated earlier in the Fortify console.
Client Secret: paste the Secret Key generated earlier in the Fortify console.
Event types: preselected for all the event types that integration pulls.
Token URL: replace <instance>,<tenant> with your Fortify Instance URL.
Click Submit.
Troubleshooting Tips
Ensure the API Key and Secret Key are pasted correctly. Since you cannot view the Secret Key after the 1st time, re-create the key, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.
Ensure the Fortify scopes/permissions and the API Base URL given are correct.