Fortify By OpenText
  • 26 Mar 2025
  • 2 Minutes to read
  • Dark
    Light

Fortify By OpenText

  • Dark
    Light

Article summary

OpenText™ Fortify™ On Demand is an AppSec as a service offering complete with essential tools, training, AppSec management, and integrations, supporting secure development through continuous feedback to the developer’s desktop. More information can be found at Fortify website.

Integration Method: API  

Tables: Vulnerability Finding (2002), Detection Finding (2004)

This integration supports the following events.

Event

Description

Vulnerabilities 

Returns the list of vulnerabilities.

This integration supports the following versions. 

Fortify Static Code Analyzer Software Version Tested

v24.4.x

Fortify by OpenText API version Supported 

v3.0 

Prerequisites 

  • Access to the Fortify By OpenText console for creating API keys.

  • Access to the DataBee console.

Configuration Overview 

  1. Generate an API key and Secret Key in the Fortify By OpenText console. 

  2. Add the Fortify By OpenText data feed in the DataBee below parameters parameters.

    DataBee Parameter

    Fortify by OpenText Parameter

    API Base URL: <instance>,<tenant>

    Fortify Instance URL

    Client Key  

    API Key

    Client Secret

    Secret Key

    Token URL: <instance>,<tenant>

    Fortify Instance URL

Fortify by OpenText Configuration 

Start by creating an API Token for the integration.

  1. Verify your Fortify instance URL.
    The Fortify Instance URL will vary based on where your Fortify Instance is hosted, please refer the table below.

    Example: if your Fortify setup instance is (trail) https://trial.fortify.com your <instance> and <tenant> are trial and fortify respectively. In case if you are still unsure, please reach out to Fortify administrator.
     

  2. Login into Fortify console based on your Fortify instance and enter the ‘Username’, ‘Password’ and ‘Tenantdetails and click Log in.
     

  3. Click on the Administration tab on top.
      

  4. Navigate to settings in the left of the page.
     

  5. Click on the API.
     

  6. Click +ADD KEY.
     

  7. Add ‘Name’ and Read Only ‘Role’ of the key and make sure you enable ‘Authorize app to use the API’ as shown below and click on SAVE. 
     

  8. Copy and store the ‘Secret Key’ somewhere safe as it will be required later. Then click CLOSE.
     A screenshot of a computer  AI-generated content may be incorrect. 

    Note:

    Make sure to copy and save the Secret Key as it will not be shown again.

  9. Copy the API Key and store it for later use.


DataBee Configuration

  1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
     A screenshot of a computer  AI-generated content may be incorrect.

  2. Search for the Fortify By OpenText Feed and click it as shown below.
      

  3. Click on the API Ingest option for collection method as shown below.
      

  4. Enter feed contact information and click Next.
       

  5. In the configuration page, confirm the following: 

    • Authorization Method: OAuth2  

    • API Base URL: replace <instance>,<tenant> with your Fortify Instance URL.

    • Client Key: paste the API Key generated earlier in the Fortify console.

    • Client Secret: paste the Secret Key generated earlier in the Fortify console.

    • Event types: preselected for all the event types that integration pulls.

    • Token URL: replace <instance>,<tenant> with your Fortify Instance URL.

  1. Click Submit.

Troubleshooting Tips

  • Ensure the API Key and Secret Key are pasted correctly. Since you cannot view the Secret Key after the 1st time, re-create the key, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.

  • Ensure the Fortify scopes/permissions and the API Base URL given are correct.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence