Dependency-Track logov4.3

Dependency-Track can automatically publish results to Fortify Software Security Center (SSC) providing a consolidated view of security-centric code findings and vulnerable component findings.

Dependency-Track accomplishes this in the following ways:


Dependency-Track Configuration

Global configuration

Dependency-Track requires the use of a CIToken. Refer to the Fortify SSC documentation for more information.

Configure SSC Integration

Per-project configuration

Dependency-Track includes the ability to specify configuration properties on a per-project basis. This feature is used to map projects in Dependency-Track to applications in Fortify SSC.

Attribute Value
Group Name integrations
Property Name fortify.ssc.applicationId
Property Value The application version ID in SSC
Property Type STRING

Fortify SSC Configuration

Step 1: Navigate to parsers

Navigate to parsers

Step 2: Install the plugin

Install the plugin

Step 3: Verify plugin is installed

Verify plugin is installed

Step 4: Enable plugin

Enable plugin

Step 5: Verify plugin is enabled

Verify plugin is enabled

At this point the plugin is installed and ready to accept payloads from Dependency-Track. Once Dependency-Track pushes a payload to SSC, it will be displayed among the projects artifacts and the results will be filterable within the audit view.

SSC artifacts

SSC analysis