Dependency-Track logov4.10

Dependency-Track can automatically publish results to Fortify Software Security Center (SSC) providing a consolidated view of security-centric code findings and vulnerable component findings.

Dependency-Track accomplishes this in the following ways:

Requirements:

Dependency-Track Configuration #

Global configuration #

Dependency-Track requires the use of a CIToken. Refer to the Fortify SSC documentation for more information.

Configure SSC Integration

Per-project configuration #

Dependency-Track includes the ability to specify configuration properties on a per-project basis. This feature is used to map projects in Dependency-Track to applications in Fortify SSC.

Attribute Value
Group Name integrations
Property Name fortify.ssc.applicationId
Property Value The application version ID in SSC
Property Type STRING

Fortify SSC Configuration #

Step 1: Navigate to parsers #

Navigate to parsers

Step 2: Install the plugin #

Install the plugin

Step 3: Verify plugin is installed #

Verify plugin is installed

Step 4: Enable plugin #

Enable plugin

Step 5: Verify plugin is enabled #

Verify plugin is enabled

At this point the plugin is installed and ready to accept payloads from Dependency-Track. Once Dependency-Track pushes a payload to SSC, it will be displayed among the projects artifacts and the results will be filterable within the audit view.

SSC artifacts

SSC analysis