Fortify is a Micro Focus product that includes a feature called Static Code Analyzer. It helps us scan for security violations that are specific to the coding rules and guidelines. Fortify also provides enough data from the analysis and prioritizes the violations so that developers can identify and fix them quickly. In this article, we will discuss how to install and configure the Fortify Static Code Analysis tool.
Fortify Static Code Analyzer Components
Fortify Static Code Analyzer comes with the following components.
How to Install Fortify Static Code Analyzer Component Application
To install Fortify Static Code Analyzer, visit the download page on the Micro Focus website. The website will ask you to sign up or log in before you can download any package.
Steps to Install if you have GUI access to your OS
STEP 1: Run the downloaded Installer based on your operating system.
STEP 2: Follow the on-screen instructions.
STEP 3: Optionally, you can select the additional components mentioned in the section above.
STEP 4: Specify the user for the installation.
STEP 5: Specify the path of the fortify.license file. (You need to purchase this.)
STEP 6: Enter the URL of the update server, for example https://update.fortify.com. This will update the rules on a regular basis.
STEP 7: Click Finish at the end.
Instructions to Install Fortify Static Code Analyzer Without a GUI
STEP 1: Once you have downloaded the package, create a file named <installer_file_name>.options alongside the installation package. For example, if the installer file is Fortify_SCA_and_Apps_<version>_windows_x64.exe, then the options file is Fortify_SCA_and_Apps_<version>_windows_x64.options.
STEP 2: Then add the following lines to the options file:
fortify_license_path=<location to fortify.licensefile>
UpdateServer=https://update.fortify.com
Installdir=<path of installation directory>
Then save the file.
STEP 3: Then run the silent installation command in the command line.
That’s all; the installation is finished.
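The options file from STEP 1 and STEP 2 can also be generated by a script. The following is an added example, not code from the original article or from Fortify. The function names, the sample version 0.0.0 and the scratch paths are assumptions; the three keys and the default update URL are the ones given above.

```shell
#!/bin/sh
# Added example: writes the <installer_file_name>.options file for a silent install.
# Keys and default update URL come from the article; sample paths are constructed.

# Print the options file path that sits beside the installer.
options_path_for() {
    dir=$(dirname "$1"); base=$(basename "$1")
    case "$base" in *.*) base=${base%.*} ;; esac   # drop only the final extension
    printf '%s/%s.options\n' "$dir" "$base"
}

# write_fortify_options INSTALLER LICENSE INSTALLDIR [UPDATE_URL]
# Prints the path written. Returns 1-4 on a failed check.
write_fortify_options() {
    installer=$1; license=$2; installdir=$3
    update_url=${4:-https://update.fortify.com}
    [ -f "$installer" ] || { echo "installer not found: $installer" >&2; return 1; }
    [ -s "$license" ] || { echo "license missing or empty: $license" >&2; return 2; }
    # Rule updates fetched over plain http can be altered in transit.
    case "$update_url" in
        https://?*) ;;
        *) echo "update server must use https: $update_url" >&2; return 3 ;;
    esac
    out=$(options_path_for "$installer")
    # The installer reads this file, so create it fresh and owner-only.
    ( umask 077; rm -f -- "$out"
      printf 'fortify_license_path=%s\nUpdateServer=%s\nInstalldir=%s\n' \
          "$license" "$update_url" "$installdir" > "$out" ) || return 4
    printf '%s\n' "$out"
}

# Demo in a scratch directory with constructed stand-in files; nothing is installed.
demo_dir=$(mktemp -d)
demo_installer="$demo_dir/Fortify_SCA_and_Apps_0.0.0_windows_x64.exe"
: > "$demo_installer"
echo 'constructed placeholder' > "$demo_dir/fortify.license"
demo_out=$(write_fortify_options "$demo_installer" \
    "$demo_dir/fortify.license" "$demo_dir/Fortify")
cat "$demo_out"
rm -rf "$demo_dir"
```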
Post Installation Tasks
Once you have installed Fortify, you need to prepare it before you start using Fortify Static Code Analyzer. To do so, follow these steps.
STEP 1: In the Command Prompt or another command-line tool, go to the installation directory and navigate to the bin folder.
STEP 2: Then type scapostinstall. Then, type the for the respective settings to open.
STEP 3: Then, do the following options in the same command line.
scapostinstall operation and do other settings like Security Content Update server, Proxy Server settings, and more if needed. That completes the post-installation tasks. This will start Fortify as a service in the background.
To verify the installation, type sourceanalyzer in the command line and see if it gives the help section.
Developing code without security violations is mandatory, as we face a huge threat from hackers. So scanning the source code before it gets built is very important. Fortify is one such tool: it scans the source code for security violations and gives you an interactive visual report. In this article, we discussed how to install and configure the Fortify Static Code Analysis tool. In our next article, we will discuss how to run Fortify source code analysis and reports.
1 thought on “How to Install and Configure Fortify Static Code Analysis Tool”
Information in this article is helpful and impressive. Great Article.