OpenText™ Fortify™ On Demand is an AppSec as a service offering complete with essential tools, training, AppSec management, and integrations, supporting secure development through continuous feedback to the developer’s desktop. More information can be found at Fortify website.

Integration Method: API  

Tables: Vulnerability Finding (2002), Detection Finding (2004)

This integration supports the following events.

This integration supports the following versions. 

Prerequisites 

• Access to the Fortify By OpenText console for creating API keys.

• Access to the DataBee console.

Configuration Overview 

1. Generate an API key and Secret Key in the Fortify By OpenText console. 

2. Add the Fortify By OpenText data feed in the DataBee below parameters parameters.

   DataBee Parameter	Fortify by OpenText Parameter
   API Base URL: <instance>,<tenant>	Fortify Instance URL
   Client Key	API Key
   Client Secret	Secret Key
   Token URL: <instance>,<tenant>	Fortify Instance URL

Fortify by OpenText Configuration 

Start by creating an API Token for the integration.

1. Verify your Fortify instance URL.
   The Fortify Instance URL will vary based on where your Fortify Instance is hosted, please refer the table below.

   Example: if your Fortify setup instance is (trail) https://trial.fortify.com your <instance> and <tenant> are trial and fortify respectively. In case if you are still unsure, please reach out to Fortify administrator.
    
   

2. Login into Fortify console based on your Fortify instance and enter the ‘Username’, ‘Password’ and ‘Tenant’ details and click Log in.
    

3. Click on the Administration tab on top.
     

4. Navigate to settings in the left of the page.
    

5. Click on the API.
    

6. Click +ADD KEY.
    

7. Add ‘Name’ and Read Only ‘Role’ of the key and make sure you enable ‘Authorize app to use the API’ as shown below and click on SAVE. 
    

8. Copy and store the ‘Secret Key’ somewhere safe as it will be required later. Then click CLOSE.
     
   

   Note:

   Make sure to copy and save the Secret Key as it will not be shown again.

9. Copy the API Key and store it for later use.

   
   

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for the Fortify By OpenText Feed and click it as shown below.
     

3. Click on the API Ingest option for collection method as shown below.
     

4. Enter feed contact information and click Next.
      

5. In the configuration page, confirm the following: 

   • Authorization Method: OAuth2  

   • API Base URL: replace <instance>,<tenant> with your Fortify Instance URL.

   • Client Key: paste the API Key generated earlier in the Fortify console.

   • Client Secret: paste the Secret Key generated earlier in the Fortify console.

   • Event types: preselected for all the event types that integration pulls.

   • Token URL: replace <instance>,<tenant> with your Fortify Instance URL.

   

6. Click Submit.

Troubleshooting Tips

• Ensure the API Key and Secret Key are pasted correctly. Since you cannot view the Secret Key after the 1^st time, re-create the key, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

• Ensure the Fortify scopes/permissions and the API Base URL given are correct.