Fortify Sys Reqs 22.1.0
Uploaded by
quyetpv144Fortify Sys Reqs 22.1.0
Uploaded by
quyetpv144Micro Focus
Fortify Software
Software Version: 22.1.0
System Requirements
Document Release Date: Revision 2: October 14, 2022
Software Release Date: June 2022
System Requirements
Legal Notices
Micro Focus
The Lawn
22-30 Old Bath Road
Newbury, Berkshire RG14 1QN
UK
https://www.microfocus.com
Warranty
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the
express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The
information contained herein is subject to change without notice.
Restricted Rights Legend
Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for
possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software
Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard
commercial license.
Copyright Notice
© Copyright 2001 - 2022 Micro Focus or one of its affiliates
Trademark Notices
All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.
Documentation Updates
The title page of this document contains the following identifying information:
l Software Version number
l Document Release Date, which changes each time the document is updated
l Software Release Date, which indicates the release date of this version of the software
This document was produced on October 14, 2022. To check for recent updates or to verify that you are using the most recent
edition of a document, go to:
https://www.microfocus.com/support/documentation
Micro Focus Fortify Software (22.1.0) Page 2 of 66
System Requirements
Contents
Preface 7
Contacting Micro Focus Fortify Customer Support 7
For More Information 7
About the Documentation Set 7
Fortify Product Feature Videos 7
Change Log 8
Introduction 9
Software Delivery 9
Software Licenses 9
Fortify License and Infrastructure Manager Requirements 9
Hardware Requirements 10
Software Requirements 10
LIM on Docker Requirements 11
Fortify ScanCentral DAST Requirements 11
Architectural Best Practices 12
Fortify ScanCentral DAST Configuration Tool CLI 12
Software Requirements 12
Hardware Requirements 12
Fortify ScanCentral DAST Database Requirements 13
Database Recommendations 13
Fortify ScanCentral DAST Core Components VM 13
Software Requirements 14
Hardware Requirements 14
Fortify ScanCentral DAST Sensor 14
Fortify WebInspect on Docker Option 14
Classic Fortify WebInspect Installation Option 14
Fortify ScanCentral DAST Ports and Protocols 15
DAST API Required Connections 15
DAST Global Service Required Connections 15
DAST Sensor Required Connections 16
DAST Utility Service Required Connections 16
Fortify ScanCentral DAST Browsers 17
Standalone Web Macro Recorder Requirements 17
Running as Administrator 17
Micro Focus Fortify Software (22.1.0) Page 3 of 66
System Requirements
Software Integrations for Fortify ScanCentral DAST 18
Fortify ScanCentral SAST Requirements 18
Fortify ScanCentral SAST Controller Requirements 18
Fortify ScanCentral SAST Controller Hardware Requirements 18
Fortify ScanCentral SAST Controller Platforms and Architectures 19
Fortify ScanCentral SAST Controller Application Server 19
Fortify ScanCentral SAST Client and Sensor Requirements 19
Fortify ScanCentral SAST Client and Sensor Hardware Requirements 19
Sensor Disk Space Requirements 19
Fortify ScanCentral SAST Client and Sensor Software Requirements 20
Fortify ScanCentral SAST Sensor Languages and Build Tools 20
Languages 20
Build Tools 21
Fortify Software Security Center Server Requirements 21
Hardware Requirements 21
Database Hardware Requirements 21
Database Performance Metrics for Minimum and Recommended Hardware
Requirements 22
Platforms and Architectures 22
Application Servers 23
Fortify Software Security Center Database 23
Deploying Fortify Software Security Center to a Kubernetes Cluster (Optional
Deployment Strategy) 24
Kubernetes Requirements 24
Locally-Installed Tools Required 25
Additional Requirements 25
Browsers 25
Authentication Systems 26
Single Sign-On (SSO) 26
BIRT Reporting 26
(Linux with OpenJDK only) Installing Required Fonts 26
Service Integrations for Fortify Software Security Center 27
Fortify Static Code Analyzer Requirements 27
Hardware Requirements 27
Software Requirements 28
Platforms and Architectures 28
Languages 29
Libraries, Frameworks, and Technologies 32
Micro Focus Fortify Software (22.1.0) Page 4 of 66
System Requirements
Build Tools 36
Compilers 36
Secure Code Plugins 37
Single Sign-On (SSO) 38
Service Integrations for Fortify Static Code Analyzer Tools 38
Fortify Software Security Content 39
BIRT Reports 39
Fortify WebInspect Requirements 39
WebInspect Hardware Requirements 39
WebInspect Software Requirements 40
Support for Postman 41
Notes on SQL Server Editions 42
WebInspect on Docker 42
Hardware Requirements 43
Fortify WebInspect Ports and Protocols 43
Required Connections 43
Optional Connections 44
Connections for Tools 46
Fortify WebInspect Agent 47
WebInspect Software Development Kit (SDK) 47
Software Integrations for Fortify WebInspect 47
Fortify WebInspect Agent Requirements 47
Platforms and Architectures 48
Java Runtime Environments 48
Java Application Servers 48
.NET Frameworks 48
IIS for Windows Server 49
Fortify WebInspect Enterprise Requirements 49
Important Information About This Release 49
Integrations for Fortify WebInspect Enterprise 49
Fortify WebInspect Enterprise Database 49
WebInspect Enterprise Hardware Requirements 50
WebInspect Enterprise Software Requirements 50
Administrative Console Requirements 51
Hardware Requirements 51
Software Requirements 52
Fortify WebInspect Enterprise Ports and Protocols 52
Required Connections 52
Micro Focus Fortify Software (22.1.0) Page 5 of 66
System Requirements
Optional Connections 53
Connections for Tools 56
Fortify WebInspect Enterprise Sensor 56
Fortify WebInspect Enterprise Notes and Limitations 56
Fortify Project Results (FPR) File Compatibility 57
Virtual Machine Support 57
Technologies no Longer Supported in this Release 58
Technologies to Lose Support in the Next Release 58
Acquiring Fortify Software 59
About Verifying Software Downloads 63
Preparing Your System for Digital Signature Verification 63
Verifying Software Downloads 64
Assistive Technologies (Section 508) 64
Send Documentation Feedback 66
Micro Focus Fortify Software (22.1.0) Page 6 of 66
System Requirements
Preface
Contacting Micro Focus Fortify Customer Support
Visit the Support website to:
l Manage licenses and entitlements
l Create and manage technical assistance requests
l Browse documentation and knowledge articles
l Download software
l Explore the Community
https://www.microfocus.com/support
For More Information
For more information about Fortify software products:
https://www.microfocus.com/cyberres/application-security
About the Documentation Set
The Fortify Software documentation set contains installation, user, and deployment guides for all
Fortify Software products and components. In addition, you will find technical notes and release notes
that describe new features, known issues, and last-minute updates. You can access the latest versions
of these documents from the following Micro Focus Product Documentation website:
https://www.microfocus.com/support/documentation
To be notified of documentation updates between releases, subscribe to Fortify Product
Announcements on the Micro Focus Community:
https://community.microfocus.com/cyberres/fortify/w/fortify-product-announcements
Fortify Product Feature Videos
You can find videos that highlight Fortify products and features on the Fortify Unplugged YouTube
channel:
https://www.youtube.com/c/FortifyUnplugged
Micro Focus Fortify Software (22.1.0) Page 7 of 66
System Requirements
Change Log
The following table lists revisions made to this document.
Document Revision Changes
Revision 2: October Updated:
14, 2022
l Incorporated changes included in Fortify Software Security Content
2022 Update 3 (see "Libraries, Frameworks, and Technologies" on
page 32).
Revision 1: July 12, Updated:
2022 l Incorporated changes included in Fortify Software Security Content
2022 Update 2 (see "Libraries, Frameworks, and Technologies" on
page 32).
l Added newly supported versions of xcodebuild that are available with
Micro Focus Fortify Static Code Analyzer version 22.1.1 (see"Build
Tools" on page 36).
l Added support for IntelliJ IDEA version 2022.1 (see "Secure Code
Plugins" on page 37).
Removed:
l Browser requirements listed for Fortify WebInspect
Micro Focus Fortify Software (22.1.0) Page 8 of 66
System Requirements
Introduction
This document provides the details about the environments and products that Micro Focus supports
for this version of Micro Focus Fortify Software, which includes:
l Micro Focus Fortify License and Infrastructure Manager
l Micro Focus Fortify ScanCentral DAST
l Micro Focus Fortify ScanCentral SAST
l Micro Focus Fortify Software Security Center Server
l Micro Focus Fortify Static Code Analyzer and Fortify Static Code Analyzer Tools (Micro Focus
Fortify Audit Workbench and Secure Code Plugins)
l Micro Focus Fortify WebInspect
l Micro Focus Fortify WebInspect Agent
l Micro Focus Fortify WebInspect Enterprise
Software Delivery
Micro Focus Fortify Software is delivered electronically. See "Acquiring Fortify Software" on page 59
for more information.
Software Licenses
Micro Focus Fortify Software products require a license.
For Micro Focus Fortify ScanCentral DAST, Micro Focus Fortify Static Code Analyzer, Micro Focus
Fortify WebInspect, and Micro Focus Fortify WebInspect Enterprise, you will receive an email with
instructions for how to activate your product.
For all other Fortify Software products described in this document (including Fortify Static Code
Analyzer and Secure Code Plugins), you must download the Fortify license file for your purchase from
the Micro Focus Software Licenses and Downloads (SLD) portal (https://sld.microfocus.com). Use the
credentials that Micro Focus Fortify Customer Support has provided for access.
Fortify License and Infrastructure Manager
Requirements
This section describes the hardware and software requirements for Micro Focus Fortify License and
Infrastructure Manager (LIM).
Micro Focus Fortify Software (22.1.0) Page 9 of 66
System Requirements
Hardware Requirements
Fortify recommends that you install the LIM on a system that conforms to the supported components
listed in following table.
Component Requirement Notes
Processor 2.5 GHz single-core or faster Recommended
1.5 GHz single-core Minimum
RAM 2+ GB Recommended
1 GB Minimum
Hard disk 50+ GB Recommended
20 GB Minimum
Display 1280 x 1024 Recommended
1024 x 768 Minimum
Software Requirements
LIM runs on and works with the software packages listed in the following table. Beta or pre-release
versions of operating systems, service packs, and required third-party components are not supported.
Package Versions Notes
Windows Server Windows Server 2016
Windows Server 2019
Web Server IIS 8.5 Recommended
IIS 7.5, 8.0, 10
Micro Focus Fortify Software (22.1.0) Page 10 of 66
System Requirements
Package Versions Notes
.NET Platform .NET Framework 4.5, 4.6.1, When configuring Roles and Features in
4.7 Windows Server Manager, you might see .NET
Framework 4.6 rather than 4.6.1 even though
you have installed 4.6.1. You can confirm the
installed version in the Command Prompt using
the .\MSBuild.exe -version command in
the following directory:
%windir%\Microsoft.NET\Framework\
<version>
ASP.NET 4.5, 4.6, 4.7
Browser Internet Explorer 11 Recommended
Mozilla Firefox 51.0 Recommended
Mozilla Firefox 44.0, 47.0,
69.0
LIM on Docker Requirements
LIM on Docker has the requirements listed in the following table.
Software Version
Windows Windows Server 2019
Docker Enterprise 18.09 or later
Fortify ScanCentral DAST Requirements
Before you install Micro Focus Fortify ScanCentral DAST, make sure that your system meets the
requirements described in this section. Fortify does not support beta or pre-release versions of
operating systems, service packs, or required third-party components.
Micro Focus Fortify Software (22.1.0) Page 11 of 66
System Requirements
Architectural Best Practices
Follow these best practice guidelines when you install Fortify ScanCentral DAST:
l Install the DAST API, DAST Global Service, DAST Utility Service, and Fortify License and
Infrastructure Manager (LIM) on the same VM or on separate VMs.
l Do not install the Fortify WebInspect sensor (container or classic installation) on the same VM as
any of the other DAST components.
For more information about the Fortify ScanCentral DAST components, see the Micro Focus Fortify
ScanCentral DAST Configuration and Usage Guide.
Fortify ScanCentral DAST Configuration Tool CLI
This topic describes the software and hardware requirements for the machine on which the
configuration tool CLI runs to configure settings for the Fortify ScanCentral DAST components.
Software Requirements
The Fortify ScanCentral DAST Configuration Tool CLI runs on and works with the software packages
listed in the following table.
Package Versions
Windows Windows 10
Windows Server 2019
.NET Platform .NET SDK Core Runtime 5.0.202
Hardware Requirements
Fortify recommends that you use the Fortify ScanCentral DAST Configuration Tool CLI on a system
that conforms to the supported components listed in the following table.
Component Requirement Notes
RAM 2+ GB Recommended
1 GB Minimum
Micro Focus Fortify Software (22.1.0) Page 12 of 66
System Requirements
Fortify ScanCentral DAST Database Requirements
Fortify ScanCentral DAST requires the database server listed in the following table.
Package Versions Notes
SQL Server SQL Server Recommended
2019
(English- No scan database limit
language
version only) SQL Server
2017
Azure SQL Using Azure SQL Server outside the Azure infrastructure may
Server cause poor performance for Fortify ScanCentral DAST. Fortify
recommends using Azure SQL Server with Fortify ScanCentral
DAST inside the Azure infrastructure only.
Amazon RDS
for SQL
Server
PostgreSQL PostgreSQL
Azure
PostgreSQL
Amazon RDS
for
PostgreSQL
Database Recommendations
Fortify recommends that you configure the database server on a separate machine from either Micro
Focus Fortify Software Security Center or any other Fortify ScanCentral DAST components.
The Fortify ScanCentral DAST SQL database requires case-insensitive collation.
Important! This is opposite the requirement for Fortify Software Security Center databases as
described in "Fortify Software Security Center Database" on page 23.
Fortify ScanCentral DAST Core Components VM
This topic describes the hardware and software requirements to run the DAST API, DAST Global
Service, and DAST Utility Service containers.
Micro Focus Fortify Software (22.1.0) Page 13 of 66
System Requirements
Software Requirements
The DAST API, DAST Global Service, and DAST Utility Service containers run on and work with the
software packages listed in the following table.
Software Versions
Windows Windows Server 2019
Docker 18.09 or later
Hardware Requirements
Fortify recommends that you use the DAST API, DAST Global Service, and DAST Utility Service
containers on a system that conforms to the supported components listed in the following table.
Component Requirement
RAM 32 GB
Processor 8 Core
Fortify ScanCentral DAST Sensor
The following options are available for a Fortify ScanCentral DAST sensor:
l Use the Fortify WebInspect on Docker image in a container
l Use a classic Fortify WebInspect installation with the Fortify ScanCentral DAST sensor service
Fortify WebInspect on Docker Option
For system requirements for this option, see "WebInspect on Docker" on page 42.
Classic Fortify WebInspect Installation Option
For hardware and software requirements for this option, see "WebInspect Hardware Requirements" on
page 39 and "WebInspect Software Requirements" on page 40. Additionally, if you plan to conduct
Postman scans, see "Support for Postman" on page 41.
Important! When running a Fortify ScanCentral DAST sensor outside of a container, such as a
sensor service on the same machine as a classic Fortify WebInspect installation, you must install
the .NET SDK Core Runtime 5.0.202.
Micro Focus Fortify Software (22.1.0) Page 14 of 66
System Requirements
Fortify ScanCentral DAST Ports and Protocols
This section describes the ports and protocols that the Fortify ScanCentral DAST components use to
make required and optional connections.
DAST API Required Connections
The following table lists the ports and protocols that the DAST API container uses for required
connections.
Endpoint Port Protocol Notes
Fortify Software 80 HTTP If SSL is not configured, the port on the host running
Security Center the container is forwarded to port 80 on the container.
DAST Global Host port mapping is customizable to the container
Service port.
DAST Sensor
Service
Fortify Software 443 HTTPS If SSL is configured, the port on the host running the
Security Center container is forwarded to port 443 on the container.
DAST Global Host port mapping is customizable to container port.
Service
DAST Sensor
Service
SQL Server, 1433 TCP This is the default SQL Server port.
Azure SQL
Server, or
Amazon RDS for
SQL Server
PostgreSQL, 5432 TCP This is the default PostgreSQL port.
Azure
PostgreSQL, or
Amazon RDS for
PostgreSQL
DAST Global Service Required Connections
The DAST Global Service does not expose any ports.
Micro Focus Fortify Software (22.1.0) Page 15 of 66
System Requirements
The following table lists the ports and protocols that the DAST Global Service container uses for
required connections.
Endpoint Port Protocol Notes
SQL Server, 1433 TCP This is the default SQL Server port.
Azure SQL
Server, or
Amazon RDS
for SQL Server
PostgreSQL, 5432 TCP This is the default PostgreSQL port.
Azure
PostgreSQL, or
Amazon RDS
for PostgreSQL
DAST Sensor Required Connections
The DAST sensor does not expose any ports.
The DAST sensor communicates with the DAST API over the port that is exposed on the host running
the DAST API container.
DAST Utility Service Required Connections
The following table lists the ports and protocols that the DAST Utility Service container uses for
required connections.
Endpoint Port Protocol Notes
DAST API 5000 HTTP If SSL is not configured, the port on the host running
the container is forwarded to port 5000 on the
container.
Host port mapping is customizable to the container
port.
DAST API 5001 HTTPS If SSL is configured, the port on the host running the
container is forwarded to port 5001 on the container.
Host port mapping is customizable to container port.
SQL Server, 1433 TCP This is the default SQL Server port.
Azure SQL
Micro Focus Fortify Software (22.1.0) Page 16 of 66
System Requirements
Endpoint Port Protocol Notes
Server, or
Amazon RDS for
SQL Server
PostgreSQL, 5432 TCP This is the default PostgreSQL port.
Azure
PostgreSQL, or
Amazon RDS for
PostgreSQL
Fortify ScanCentral DAST Browsers
Fortify recommends that you use one of the browsers listed in the following table and a screen
resolution of 1400 x 800.
Browser Version
Google Chrome 90 or later
Microsoft Edge 90 or later
Mozilla Firefox 91 or later
Safari 14 or later
Standalone Web Macro Recorder Requirements
Fortify ScanCentral DAST allows you to download and use a standalone version of the Web Macro
Recorder tool. The Web Macro Recorder tool runs on and works with the software packages listed in
the following table.
Package Version
Windows Windows 10
Windows Server 2019
Running as Administrator
The standalone Web Macro Recorder tool requires administrative privileges for proper operation of all
features. Refer to the Windows operating system documentation for instructions on changing the
privilege level to run the Web Macro Recorder tool as an administrator.
Micro Focus Fortify Software (22.1.0) Page 17 of 66
System Requirements
Software Integrations for Fortify ScanCentral DAST
The following table lists products that you can integrate with Fortify ScanCentral DAST.
Product Versions
Micro Focus Fortify Software Security Center 22.1.0
Kubernetes on Azure 1.19 or later
Fortify ScanCentral SAST Requirements
Micro Focus Fortify ScanCentral SAST has three major components: a ScanCentral Controller,
ScanCentral clients, and ScanCentral sensors.
Fortify ScanCentral SAST Controller Requirements
This section describes the hardware and platform requirements for the Fortify ScanCentral SAST
Controller.
Fortify ScanCentral SAST Controller Hardware Requirements
Fortify recommends that you install the Fortify ScanCentral SAST Controller on a high-end 64-bit
processor running at 2 GHz with at least 8 GB of RAM.
To estimate the amount of disk space required on the machine that runs the Fortify ScanCentral
SAST Controller, use one of the following equations:
Intended Use Equation
Remote scan <num_jobs_per_day> x (<size_avg_MBS> + <size_avg_FPR> + <size_avg_SCA_
only log>) x <number_days_data_is_persisted>
Remote <num_jobs_per_day> x (<size_avg_archived_project_with_dependencies> + <size_
translation avg_FPR> + <size_avg_SCA_log>) x <num_days_data_is_persisted>
and scan
By default, data is persisted for seven days.
Micro Focus Fortify Software (22.1.0) Page 18 of 66
System Requirements
Fortify ScanCentral SAST Controller Platforms and Architectures
The Fortify ScanCentral SAST Controller supports the platforms and architectures listed in the
following table.
Operating
System Versions
Windows Server 2016
Server 2019
Linux Red Hat Enterprise Linux 7.x, 8
SUSE Linux Enterprise Server 12, 15
Fortify ScanCentral SAST Controller Application Server
The Micro Focus Fortify ScanCentral SAST Controller supports Apache Tomcat version 9.x running on
JRE 11.
Fortify ScanCentral SAST Client and Sensor Requirements
This section describes the requirements for the Fortify ScanCentral SAST clients and sensors.
Fortify ScanCentral SAST Client and Sensor Hardware Requirements
Micro Focus Fortify ScanCentral SAST clients and sensors run on any machine that supports Micro
Focus Fortify Static Code Analyzer. Fortify ScanCentral SAST clients and sensors are installed on
build machines that run Micro Focus Fortify Static Code Analyzer. See "Fortify Static Code Analyzer
Requirements" on page 27 for hardware, platform, and architecture requirements.
Sensor Disk Space Requirements
To estimate the amount of disk space required on the machine that runs a Fortify ScanCentral SAST
sensor, use one of the following equations:
Intended
Use Equation
Remote scan <num_of_scans> x (<size_avg_MBS> + <size_avg_FPR> + <size_avg_SCA_log>) x
only <num_days_data_is_persisted>
Remote <num_jobs_per_day> x (<size_avg_archived_project_with_dependencies> + <size_
translation avg_project_with_dependencies> + <size_avg_FPR> + <size_avg_SCA_log>) x
and scan <number_days_data_is_persisted>
Micro Focus Fortify Software (22.1.0) Page 19 of 66
System Requirements
By default, data is persisted for seven days.
Fortify ScanCentral SAST Client and Sensor Software Requirements
Fortify ScanCentral SAST clients and sensors are installed on build machines that run Micro Focus
Fortify Static Code Analyzer. See "Software Requirements" on page 28 for the software requirements.
Fortify ScanCentral SAST standalone clients require Java 11.
Fortify ScanCentral SAST Sensor Languages and Build Tools
Micro Focus Fortify ScanCentral SAST supports offloading the translation phase of the analysis to
ScanCentral SAST sensors for the languages and build tools described in this section.
Languages
Fortify ScanCentral SAST supports offloading translation to ScanCentral sensors for the following
languages. See "Languages" on page 29 for specific supported versions.
l .NET applications in C# and Visual Basic (VB.NET) (.NET Core, .NET Standard, ASP.NET)
Note:
l Packaging of .NET applications is supported only on Windows systems.
l Translation of .NET applications requires .NET Framework version 4.7.2 or later.
l ABAP
l Apex
l Classic ASP
l ColdFusion
l Go
l Java
l JavaScript
l Kotlin
l PHP
l PL/SQL
l Python
l Ruby
l T-SQL
l TypeScript
l Visual Basic 6.0
Micro Focus Fortify Software (22.1.0) Page 20 of 66
System Requirements
Build Tools
Fortify ScanCentral SAST supports the build tools listed in the following table.
Build Tool Versions
Gradle 5.0–7.3
Maven 3.x
MSBuild 14.0, 15.x, 16.x, 17.0, 17.1, 17.2
Fortify Software Security Center Server
Requirements
This section describes the system requirements for the Micro Focus Fortify Software Security
Center server.
Hardware Requirements
Micro Focus Fortify Software Security Center requires the hardware specifications listed in the
following table.
Component Minimum Recommended
Application server Java heap size 4 GB 24 GB
Database server Processor Quad-core Eight-core
RAM 8 GB 64 GB
Database Hardware Requirements
Fortify recommends an eight-core processor with 64 GB of RAM for the Fortify Software Security
Center database. Using less than this recommendation can impact Fortify Software Security Center
performance.
Micro Focus Fortify Software (22.1.0) Page 21 of 66
System Requirements
Use the following formula to estimate the size (in GB) of the Fortify Software Security Center
database disk space:
((<num_issues>*30 KB) + <size_of_artifacts>) ÷ 1,000,000
where:
l <num_issues> is the total number of issues in the system
l <size_of_artifacts> is the total size in KB of all uploaded artifacts and analysis results
Note: This formula produces only a rough estimate for database disk space allocation. Do not use
it to estimate disk space requirements for long-term projects. Disk requirements for Fortify
Software Security Center databases increases in proportion to the number of projects, scans, and
issues in the system.
Database Performance Metrics for Minimum and Recommended Hardware
Requirements
The following table shows performance metrics (number of issues discovered per hour) for Fortify
Software Security Center configured with the minimum and the recommended hardware
requirements.
Issues per Hour Issues per Hour
Database Minimum Configuration Recommended Configuration
MySQL 362,514 2,589,385
Oracle 231,392 3,020,950
SQL Server 725,028 3,625,140
Platforms and Architectures
Micro Focus Fortify Software Security Center supports the platforms and architectures listed in the
following table.
Operating
System Versions
Windows Server 2016
Server 2019
Linux Red Hat Enterprise Linux 7.x, 8
SUSE Linux Enterprise Server 12, 15
Micro Focus Fortify Software (22.1.0) Page 22 of 66
System Requirements
Note: Although Fortify Software Security Center has not been tested on all Linux variants, most
distributions are not known to have issues.
Application Servers
Micro Focus Fortify Software Security Center supports Apache Tomcat version 9.x for the following
JDK versions:
l Oracle JDK 11
l Red Hat OpenJDK 11
l SUSE OpenJDK 11
l Zulu OpenJDK 11 from Azul
Fortify only supports the deployment of a single Fortify Software Security Center instance.
Furthermore, that instance must not be behind a load balancer.
Fortify Software Security Center Database
Micro Focus Fortify Software Security Center requires that all database schema collations are
case-sensitive.
Caution! Fortify Software Security Center does not support any cloud database services such as
RDS in Amazon Web Services or Azure-managed databases.
Important! Disk I/O encompasses the input/output operations on a physical disk. If you are
reading data from a file on a disk, the processor must wait for the file to be read (the same applies
to writing data to a file). Fortify Software Security Center is a high I/O-intensive application, which
affects performance. Make sure that your disk subsystem provides low read/write latency. Fortify
recommends that you monitor disk I/O as the database grows.
Fortify Software Security Center supports the databases listed in the following table.
Collation /
Database Versions Character Sets Driver
MySQL 8.0 latin1_general_cs The driver is included in the Fortify Software
(Community Security Center WAR file.
Edition)
MariaDB Connector/J 2.7.4
Driver class:
org.mariadb.jdbc.driver
Micro Focus Fortify Software (22.1.0) Page 23 of 66
System Requirements
Collation /
Database Versions Character Sets Driver
Oracle 12c Release 2 AL32UTF8 for all The Oracle Database 21c JDBC driver is
languages included in the Fortify Software Security
19c (18.3)
Center WAR file.
WE8MSWIN1252
for US English Driver class:
oracle.jdbc.OracleDriver
JAR file:
ojdbc11.jar (for Java 11) version 21.3.0.0
SQL 2017 SQL_Latin1_ The Microsoft JDBC Driver 9.2 for SQL
Server General_CP1_CS_ Server is included in the Fortify Software
2019
AS Security Center WAR file.
Driver class:
com.microsoft.sqlserver:mssql-
jdbc: 9.4.0.jre11
Note: Fortify does not support the direct conversion from one database server type to another,
such as converting from MySQL to Oracle. To do this, you must use the Server API to move data
from your current Fortify Software Security Center instance to a new Fortify Software Security
Center instance that uses the database server type you want to use going forward. Micro Focus
Professional Services can assist you with this process.
Deploying Fortify Software Security Center to a Kubernetes
Cluster (Optional Deployment Strategy)
If you plan to deploy Micro Focus Fortify Software Security Center on a Kubernetes cluster, you must
make sure that the following requirements are met.
Kubernetes Requirements
l Kubernetes versions 1.20–1.22
l Helm versions 3.6–3.8
l Persistent volume support
l A load balancer service (Recommended)
l At least 7 GB of RAM and 1 CPU on a single node (with default configuration)
Micro Focus Fortify Software (22.1.0) Page 24 of 66
System Requirements
Locally-Installed Tools Required
l Maximum usage: 28 GB of RAM and 8 CPUs on a single node (with default configuration)
l 4 GiB of storage for persistent volume (with default configuration)
l A kubectl command-line tool (Recommended) - Use the same version as the Kubernetes cluster
version (1.20–1.22)
l Helm command-line tool, versions 3.6–3.8
l Air-gapped installation only (Recommended) - A Docker client and server installation (any version)
Additional Requirements
l Kubeconfig file for the Kubernetes cluster
l Docker Hub account with access to Fortify Software Security Center images
Note: If you need access to Fortify Docker Organization on Docker Hub, contact
[email protected] with your first name, your last name, and your Docker account
name. Micro Focus Fortify will then give you access to the Fortify Docker organization that
contains the Fortify Software Security Center images.
l DNS name for the Fortify Software Security Center web application (address used to access the
service)
l Java keystore for setting up HTTPS (For details, see the Micro Focus Fortify Software Security
Center User Guide) The keystore must contain a CA certificate and a server certificate for the
Fortify Software Security Center DNS name with an associated private key.
l Keystore password
l Private key password
l An installed MySQL, Oracle, or SQL Server for the database server
l Database server host name
l Name of the Fortify Software Security Center database
l Username and password for an account that has permission to manage the Fortify Software
Security Center schema and data
l Fortify Software Security Center license
Browsers
Fortify recommends that you use one of the browsers listed in the following table and a screen
resolution of 1400 x 800.
Micro Focus Fortify Software (22.1.0) Page 25 of 66
System Requirements
Browser Version
Google Chrome 90 or later
Microsoft Edge 90 or later
Mozilla Firefox 91 or later
Safari 14 or later
Authentication Systems
Micro Focus Fortify Software Security Center supports the following directory services:
l LDAP: LDAP 3 compatible
Important! Although Fortify supports the use of multiple LDAP servers, it does not support
the use of multiple LDAP servers behind a load balancer unless they are exact copies.
l Windows Active Directory Service
Single Sign-On (SSO)
Fortify Software Security Center supports:
l Central Authorization Server (CAS) SSO
l HTTP Headers SSO (Oracle SSO, CA SSO)
l SAML 2.0 SSO
l SPNEGO/Kerberos SSO
l X.509 SSO
BIRT Reporting
Micro Focus Fortify Software Security Center custom reports support BIRT Report Designer
version 4.7.
(Linux with OpenJDK only) Installing Required Fonts
If your Micro Focus Fortify Software Security Center server is installed on a Linux system, and you are
running OpenJDK, you must install the fontconfig library, DejaVu Sans fonts, and DejaVu serif fonts
on the server to enable users to successfully generate reports. Otherwise, report generation will fail. If
you need to, you can download these fonts from https://github.com/dejavu-fonts/dejavu-fonts.
Micro Focus Fortify Software (22.1.0) Page 26 of 66
System Requirements
Service Integrations for Fortify Software Security Center
Micro Focus Fortify Software Security Center supports the service integrations listed in the following
table.
Service Application Versions
Bug tracking Micro Focus Application Lifecycle Management (ALM)/ 12.50
Quality Center Enterprise (QC)
Azure DevOps n/a
Note: Only basic user password authentication is
supported.
Azure DevOps Server 2019,
2020
Bugzilla 5.0.x
Jira 8.0–8.13
Jira Cloud n/a
Dynamic assessments Micro Focus Fortify WebInspect Enterprise 22.1.0
Fortify Static Code Analyzer Requirements
This section describes the system requirements for Micro Focus Fortify Static Code Analyzer, and the
Fortify Static Code Analyzer Tools (including the Secure Code Plugins).
Hardware Requirements
Fortify recommends that you install Micro Focus Fortify Static Code Analyzer on a high-end processor
with the hardware requirements described in the following table.
RAM Processor Programming Language to Analyze
16 GB Quad-core Non-dynamic languages
32 GB Eight-core Dynamic languages such as JavaScript, TypeScript, Python, PHP, and
Ruby
Micro Focus Fortify Software (22.1.0) Page 27 of 66
System Requirements
Increasing the number of processor cores and RAM both result in faster processing. If your software is
complex, you might require more RAM or processors. See the information about improving
performance in the Micro Focus Fortify Static Code Analyzer User Guide for recommendations.
Software Requirements
Micro Focus Fortify Static Code Analyzer requires Java 11. The Fortify Static Code Analyzer and
Applications installation includes an embedded OpenJDK/JRE version 11.0.14.1.
The following table describes software requirements for specific features.
Feature Requirement and Version
Translate .NET and Visual Studio C/C++ projects Windows operating system
.NET Framework 4.7.2 or later
Translate projects that use the Blazor web framework Installation of a supported version of
Visual Studio (2019 or later)
Manage concurrent licenses with Fortify License and LIM 21.2.0 or later
Infrastructure Manager (LIM)
Platforms and Architectures
Micro Focus Fortify Static Code Analyzer supports the platforms and architectures listed in the
following table.
Operating System Platforms / Versions
Windows Windows 10, 11
Windows Server 2016
Windows Server 2019
Windows Server 2022
Micro Focus Fortify Software (22.1.0) Page 28 of 66
System Requirements
Operating System Platforms / Versions
Linux CentOS Linux 7.x (7.6 or later)
CentOS Linux 8.x (8.2 or later)
Red Hat Enterprise Linux 7.x (7.2 or later)
Red Hat Enterprise Linux 8.x (8.2 or later)
SUSE Linux Enterprise Server 12, 15
Ubuntu 20.04.1 LTS
macOS 11, 12
AIX 7.1
Solaris SPARC 11.3
Solaris x64 11.4
Fortify Static Code Analyzer Tools (including Secure Code Plugins) support the platforms and
architectures listed in the following table.
Operating System Platforms / Versions
Windows 10
Linux Red Hat Enterprise Linux 7.x, 8
SUSE Linux Enterprise Server 12, 15
macOS 11, 12
Languages
Micro Focus Fortify Static Code Analyzer supports the programming languages listed in the following
table.
Language /
Framework Versions
.NET 5.0, 6.0
.NET Framework 2.0–4.8
Micro Focus Fortify Software (22.1.0) Page 29 of 66
System Requirements
Language /
Framework Versions
.NET Core 2.0–3.1
ABAP/BSP 6
Note: Fortify ABAP Extractor is supported on a system running SAP
release 7.02, SP level 0006.
ActionScript 3.0
Apex 36
C# 5, 6, 7, 8, 9, 10
C/C++ C11, C++11, C++14, C++17, C++20 (see "Compilers" on page 36)
Classic ASP 2.0, 3.0
(with VBScript)
COBOL IBM Enterprise COBOL for z/OS 6.1 (and earlier) with CICS, IMS, DB2, and
IBM MQ
Micro Focus Visual COBOL 6.0
Note: COBOL translation requires that Microsoft Visual C++ 2017
Redistributable (x86) be installed on the system. This is not a
requirement for Legacy COBOL Translation.
ColdFusion 8, 9, 10
Docker (Dockerfiles) any
Go 1.12, 1.13, 1.14, 1.15, 1.16, 1.17
Note: Fortify Static Code Analyzer supports scanning Go code on
Windows and Linux.
HCL 2.0
Note: HCL language support is specific to Terraform and supported
cloud provider Infrastructure as Code (IaC) configurations.
Micro Focus Fortify Software (22.1.0) Page 30 of 66
System Requirements
Language /
Framework Versions
HTML 5 and earlier
Java 7, 8, 9, 10, 11, 12, 13, 14, 17
(including Android)
JavaScript ECMAScript 2015–2021
JSON ECMA-404
JSP 1.2, 2.1
Kotlin 1.3.50, 1.4.20, 1.5.30
MXML (Flex) 4
Objective-C/C++ 2.0 (see "Compilers" on page 36)
PHP 7.3, 7.4, 8.0
PL/SQL 8.1.6
Python 2.6, 2.7, 3.x (3.9 and earlier)
Ruby 1.9.3
Scala 2.11, 2.12, 2.13
Note: Analyzing Scala code requires the Scala Fortify compiler plugin,
which is available in the Maven Central Repository.
Swift 5 (see "Compilers" on page 36 for supported swiftc versions)
T-SQL SQL Server 2005, 2008, 2012
TypeScript 2.8, 3.x, 4.0, 4.1, 4.2, 4.3, 4.4, 4.5
VBScript 2.0, 5.0
Visual Basic 11, 14, 15.x, 16.0
(VB.NET)
Visual Basic 6.0
Micro Focus Fortify Software (22.1.0) Page 31 of 66
System Requirements
Language /
Framework Versions
XML 1.0
YAML 1.2
Libraries, Frameworks, and Technologies
Micro Focus Fortify Static Code Analyzer supports the libraries, frameworks, and technologies listed in
this section with dedicated Fortify Secure Coding Rulepacks and vulnerability coverage beyond core
supported languages.
Java
Adobe Flex Blaze DS Apache Struts IBM WebSphere Netscape LDAP API Spring Data Commons
Ajanta Apache Tapestry Jackson OpenCSV Spring Data JPA
Amazon Web Services Apache Tomcat Jakarta Activation Oracle Application Spring Data MongoDB
(AWS) SDK Development
Apache Torque Jakarta EE (Java EE) Spring Data Redis
Framework (ADF)
Apache Axiom
Apache Util Java Annotations Spring HATEOAS
Oracle BC4J
Apache Axis
Apache Velocity Java Excel API Spring JMS
Oracle JDBC
Apache Beehive NetUI
Apache Wicket JavaMail Spring JMX
Oracle OA Framework
Apache Catalina
Apache Xalan JAX-RS Spring Messaging
Oracle tcDataSet
Apache Cocoon
Apache Xerces JAXB Spring Security
Oracle XML Developer
Apache Commons
ATG Dynamo Jaxen Kit (XDK) Spring Webflow
Apache ECS
Azure SDK JBoss OWASP Enterprise Spring WebSockets
Apache Hadoop Security API (ESAPI)
Castor JDesktop Spring WS
Apache OWASP HTML
Display Tag JDOM Stripes
HttpComponents Sanitizer
Dom4j Jetty Sun JavaServer Faces
Apache Jasper OWASP Java Encoder
(JSF)
GDS AntiXSS JGroups
Apache Log4j Plexus Archiver
Tungsten
Google Android json-simple
Apache Lucene Realm
Weblogic
Google Cloud JTidy Servlet
Apache MyFaces Restlet
WebSocket
Google Web Toolkit JXTA
Apache OGNL SAP Web Dynpro
XStream
gRPC JYaml
Apache ORO Saxon
YamlBeans
Gson Liferay Portal
Apache POI SnakeYAML
ZeroTurnaround ZIP
Hibernate MongoDB
Apache SLF4J Spring and Spring
Zip4J
iBatis Mozilla Rhino MVC
Apache Slide
IBM MQ MyBatis Spring Boot
Apache Spring
Security (Acegi)
Micro Focus Fortify Software (22.1.0) Page 32 of 66
System Requirements
Scala
Akka HTTP Scala Slick
Scala Play
.NET
.NET Framework, .NET Azure SDK Json.NET Log4Net NHibernate SharpCompress
Core, and .NET
Castle ActiveRecord Microsoft NLog SharpZipLib
Standard
ApplicationBlocks
CsvHelper Npgsql SQLite .NET Provider
.NET WebSockets
Microsoft My
Dapper Open XML SDK SubSonic
ADO.NET Entity Framework
Framework DB2 .NET Provider Oracle Data Provider Sybase ASE ADO.NET
Microsoft Practices
for .NET Data Provider
ADODB DotNetZip Enterprise Library
OWASP AntiSamy Xamarin
Amazon Web Services Entity Framework Core Microsoft Web
(AWS) SDK Protection Library Saxon Xamarin Forms
fastJSON
ASP.NET MVC MongoDB SharePoint Services YamlDotNet
IBM Informix .NET
ASP.NET SignalR Provider MySql .Net Connector
ASP.NET Web API
ActiveDirectory LDAP CURL Library MySQL OpenSSL Sun RPC
Apple System Logging GLib Netscape LDAP POSIX Threads WinAPI
(ASL)
JNI ODBC SQLite
C++
Boost Smart Pointers STL
MFC WMI
SQL
Oracle ModPLSQL
PHP
ADOdb PHP Debug PHP Mcrypt PHP OpenSSL PHP Smarty
Advanced PHP PHP DOM PHP Mhash PHP PostgreSQL PHP XML
Debugging
PHP Extension PHP Mysql PHP Reflection PHP XMLReader
CakePHP
PHP Hash PHP OCI8 PHP SimpleXML PHP Zend
Micro Focus Fortify Software (22.1.0) Page 33 of 66
System Requirements
JavaScript/TypeScript/HTML5
Angular Helmet Mustache React Router Underscore.js
Apollo Server iOS JavaScript Bridge Node.js Azure Storage SAPUI5/OpenUI5
Express JS jQuery Node.js Core Sequelize
GraphQL.js JS-YAML React
Handlebars
Python
_mysql Google Cloud memcache-client pylibmc Twisted Mail
aiopg Graphene MySQLdb PyMongo urllib3
Amazon Web Services httplib2 oslo.config PyYAML WebKit
(AWS) Lambda
Jinja2 psycopg2 requests
Azure Functions
libxml2 pycrypto simplejson
Django
lxml pycurl six
Ruby
MySQL Rack Thor
pg SQLite
Objective-C
AFNetworking Apple CoreFoundation Apple Apple SBJson
LocalAuthentication WatchConnectivity
Apple AddressBook Apple CoreLocation SFHFKeychainUtils
Apple MessageUI Apple WatchKit
Apple AppKit Apple CoreServices SSZipArchive
Apple Security Apple WebKit
Apple CFNetwork Apple CoreTelephony ZipArchive
Apple Social Hpple
Apple ClockKit Apple Foundation ZipUtilities
Apple UIKit Objective-Zip
Apple CommonCrypto Apple HealthKit ZipZap
Realm
Apple CoreData
Swift
Alamofire Apple CoreFoundation Apple MessageUI Apple WatchKit Zip
Apple AddressBook Apple CoreLocation Apple Security Apple WebKit ZipArchive
Apple CFNetwork Apple Foundation Apple Social Hpple ZIPFoundation
Apple ClockKit Apple HealthKit Apple UIKit Realm ZipUtilities
Apple CommonCrypto Apple Apple SQLite ZipZap
LocalAuthentication WatchConnectivity
Apple CoreData SSZipArchive
Micro Focus Fortify Software (22.1.0) Page 34 of 66
System Requirements
COBOL
Auditor Micro Focus POSIX
COBOL Run-time
CICS SQL
System
DLI
MQ
Go
GORM
logrus
gRPC
Configuration
.NET Configuration Docker Configuration Java Apache Struts Java Spring and Oracle Application
(Dockerfiles) Spring MVC Development
Adobe Flex Java Apache Tomcat
Framework (ADF)
(ActionScript) GitHub Actions Configuration Java Spring Boot
Configuration PHP Configuration
Google Android Java Blaze DS Java Spring Mail
Ajax Frameworks Configuration PHP WordPress
Java Hibernate Java Spring Security
Amazon Web Service Google Cloud Configuration Silverlight
Java Spring
(AWS) Configuration
iOS Property List Java iBatis WebSockets
Ansible Configuration Terraform
J2EE Configuration Java Weblogic
AWS CloudFormation Java IBM WebSphere WS-SecurityPolicy
Java Apache Axis Kubernetes
Azure Java MyBatis XML Schema
Java Apache Log4j Mule
Configuration
Azure Resource Configuration
OpenAPI Specification
Manager (ARM) Java OWASP
Java Apache Spring
AntiSamy
Build Management Security (Acegi)
Secrets
1Password Irssi NuGet Secure Shell Protocol (SSH)
Amazon KeyStore OpenVPN SendGrid
Artifactory KeePass Password Safe Slack
Bash Scripts Keychain PayPal/Braintree SonarQube
BitLocker KWallet Postman SQL
Bcrypt LinkedIn Pretty Good Privacy (PGP) Square
Code Climate Mailchimp PostgreSQL StackHawk
Facebook Mailgun PuTTY Stripe
GitHub Microsoft Outlook webhook PyPI Terraform
Micro Focus Fortify Software (22.1.0) Page 35 of 66
System Requirements
Gnome Keyring Mutt Remote Desktop Protocol Twilio
(RDP)
Google MySQL Twitter
Ruby/Ruby on Rails
Heroku netrc
Sauce Labs
HexChat npm
Build Tools
Micro Focus Fortify Static Code Analyzer supports the build tools listed in the following table.
Build Tool Versions Notes
Ant 1.10.x and earlier
Gradle 5.0–7.4.x The Fortify Static Code Analyzer Gradle build
integration supports the following language/platform
combinations:
l Java/Windows, Linux, and macOS
l Kotlin/Windows and Linux
l C/Linux
l C++/Linux
Maven 3.0.5, 3.5.x, 3.6.x, 3.8.x
MSBuild 14.0, 15.x, 16.x, 17.0, 17.1, The MSBuild integration is supported on Windows.
17.2
Xcodebuild 12.5, 12.5.1, 13, 13.1, 13.2,
13.2.1, 13.3, 13.3.1, 13.4,
13.4.1
Compilers
Micro Focus Fortify Static Code Analyzer supports the compilers listed in the following table.
Compiler Versions Operating Systems
gcc GNU gcc 4.9, 5.x Windows, Linux, macOS, AIX, Solaris
GNU gcc 10.2.1 Windows, Linux, macOS
Micro Focus Fortify Software (22.1.0) Page 36 of 66
System Requirements
Compiler Versions Operating Systems
g++ GNU g++ 4.9, 5.x Windows, Linux, macOS, AIX, Solaris
GNU g++ 10.2.1 Windows, Linux, macOS
OpenJDK javac 9, 10, 11, 12, 13, 14, 17 Windows, Linux, macOS
9, 10, 11, 12, 13 AIX, Solaris
Oracle javac 7, 8, 9 Windows, Linux, macOS
cl (MSVC) 2015, 2017, 2019, 2022 Windows
Clang 12.0.5, 13.0.0, 13.1.61 macOS
Swiftc 5.4, 5.4.2, 5.5, 5.5.1, 5.5.2, 5.6, 5.6.11 macOS
1Fortify Static Code Analyzer supports applications built in the following Xcode versions: 12.5, 12.5.1,
13, 13.1, 13.2, 13.2.1, 13.3, 13.3.1, 13.4, 13.4.1.
Secure Code Plugins
The following table lists the supported integrated development environments (IDE) for the Micro
Focus Fortify Secure Code Plugins.
IDEs and
Plugin / Extension Versions Notes
Fortify Eclipse Complete Eclipse 2020-x,
Plugin 2021-x, 2022-03
Fortify Analysis Plugin for Android Studio
IntelliJ and Android Studio 2020.x, 2021.1
IntelliJ IDEA
2020.x, 2021.x,
2022.1
Micro Focus Fortify Software (22.1.0) Page 37 of 66
System Requirements
IDEs and
Plugin / Extension Versions Notes
Fortify Visual Studio Visual Studio Visual Studio Community, Professional, and
Extension 2017 Enterprise editions for Windows are supported.
Visual Studio For supported MSBuild versions, see "Build
2019 Tools" on page 36.
Visual Studio
2022
Single Sign-On (SSO)
Fortify Audit Workbench, the Eclipse Complete plugin, and the Fortify Visual Studio Extension
support the following SSO methods to connect with Fortify Software Security Center:
l SPNEGO/Kerberos SSO
Supported on Windows only.
l X.509 SSO
Note: Fortify Audit Workbench and the Secure Code Plugins can use token-based authentication
with Fortify Software Security Center, which removes the requirement to configure SSO directly.
Service Integrations for Fortify Static Code Analyzer Tools
The following table lists the supported service integrations for Micro Focus Fortify Audit Workbench
and the Fortify Secure Code Plugins.
Service Versions Supported Tools
Micro Focus Application Lifecycle 12.50 Audit Workbench, Eclipse Plugin
Management (ALM)/
Quality Center Enterprise (QC)
Azure DevOps Server 2019, Audit Workbench, Eclipse Plugin,
2020 Visual Studio Extension
Azure DevOps n/a Audit Workbench, Eclipse Plugin
Note: Only basic user password
authentication is supported.
Bugzilla 5.0.x Audit Workbench, Eclipse Plugin,
Micro Focus Fortify Software (22.1.0) Page 38 of 66
System Requirements
Service Versions Supported Tools
Visual Studio Extension
Jira 8.0–8.13 Audit Workbench, Eclipse Plugin
Jira Cloud n/a Audit Workbench, Eclipse Plugin
Fortify Software Security Center Bug 22.1.0 Audit Workbench, Eclipse Plugin,
Tracker Visual Studio Extension
Fortify Software Security Content
Micro Focus Fortify Secure Coding Rulepacks are backward compatible with all supported Fortify
Software versions. This ensures that Rulepack updates do not break any working Fortify Software
installation.
BIRT Reports
To generate BIRT reports on a Linux system from the Secure Code Plugins or the
BIRTReportGenerator utility, you must install the fontconfig library, DejaVu Sans fonts, and DejaVu
serif fonts on the server.
To run the BIRTReportGenerator utility in a Linux Docker container, you must have the X11 libraries
installed in the image. The X11 libraries provide the graphical user interface API that BIRT requires
for data visualization.
Red Hat Enterprise and CentOS Example:
yum -y install xorg-x11-xauth xorg-x11-fonts-* xorg-x11-utils
Ubuntu Example:
apt-get install x11-apps
Fortify WebInspect Requirements
Before you install Micro Focus Fortify WebInspect, make sure that your system meets the
requirements described in this section. Fortify does not support beta or pre-release versions of
operating systems, service packs, or required third-party components.
WebInspect Hardware Requirements
Fortify recommends that you install Micro Focus Fortify WebInspect on a system that conforms to the
supported components listed in the following table.
Micro Focus Fortify Software (22.1.0) Page 39 of 66
System Requirements
Component Requirement Notes
Processor 2.5 GHz quad- Complex applications might benefit from additional cores.
core or faster
RAM 16 GB Complex applications might benefit from additional memory.
Fortify recommends 32 GB of memory to scan with single-
page application (SPA) support.
Hard disk 40 GB Using SQL Express and storing scans locally requires
additional disk space per scan.
Display 1280 x 1024
WebInspect Software Requirements
Micro Focus Fortify WebInspect runs on and works with the software packages listed in the following
table.
Package Versions Notes
Windows Windows 10 Recommended
Important! Not all builds of Windows 10
support .NET Framework 4.8. Refer to
Microsoft’s website to identify Windows 10
builds that support .NET Framework 4.8.
Windows 11
Windows Server 2016
Windows Server 2019
.NET Platform .NET Framework 4.8
SQL Server SQL Server 2019 Recommended
(English-language No scan database limit
versions only)
SQL Server 2017 No scan database limit
Azure SQL Server Using Azure SQL Server outside the Azure
infrastructure may cause poor performance for
Micro Focus Fortify Software (22.1.0) Page 40 of 66
System Requirements
Package Versions Notes
Fortify WebInspect. Fortify recommends using
Azure SQL Server with Fortify WebInspect
inside the Azure infrastructure only.
SQL Server Express SQL Server 2019 Recommended
Express
(English-language 10 GB scan database limit
versions only)
SQL Server 2017 10 GB scan database limit
Express
SQL Server 2016 10 GB scan database limit
Express SP2
Portable Document Adobe Acrobat Reader Recommended
Format 11
Adobe Acrobat Reader Minimum
8.1.2
Support for Postman
A Postman collection version 2.0 or 2.1 is required to conduct scans in Fortify WebInspect.
Additionally, you must install the following third-party software on the machine where Fortify
WebInspect is installed:
l Newman command-line collection runner 4.5.1 or later
Important! You must install Newman globally rather than locally. You can do this by adding a
-g option to the installation command, as follows:
npm install -g newman
When you install Newman, a path variable for Newman is automatically added to the user
variables. The path variable is similar to the following:
<directory_path>\AppData\Roaming\npm
You must manually add the same Newman path variable to the system environment variables.
Ensure that the variable is in both the user variables and system environment variables before
proceeding.
System variables are read only when the machine boots, so after manually adding the path
variable, you must restart your machine. See your Windows documentation for specific
instructions on how to add a system environment variable.
l Node.js and the included Node Package Manager (NPM)
Micro Focus Fortify Software (22.1.0) Page 41 of 66
System Requirements
Note: Install the Node.js version that is required for the version of Newman that you install. For
more information, see https://www.npmjs.com/package/newman.
Notes on SQL Server Editions
When using the Express edition of SQL Server:
l Scan data must not exceed the database size limit. If you require a larger database or you need to
share your scan data, use the full version of SQL Server.
l During the installation you might want to enable “Hide advanced installation options.” Accept all
default settings. Micro Focus Fortify WebInspect requires that the default instance is named
SQLEXPRESS.
When using the full edition of SQL Server:
l You can install the full version of SQL Server on the local host or nearby (co-located). You can
configure this option in Fortify WebInspect Application Settings (Edit > Application Settings >
Database).
l The account specified for the database connection must also be a database owner (DBO) for the
named database. However, the account does not require sysadmin (SA) privileges for the database
server. If the database administrator (DBA) did not generate the database for the specified user,
then the account must also have the permission to create a database and to manipulate the
security permissions. The DBA can rescind these permissions after Fortify WebInspect sets up the
database, but the account must remain a DBO for that database.
WebInspect on Docker
Fortify WebInspect on Docker has the software requirements listed in the following table.
Package Versions Notes
Docker 18.09 or later
Enterprise
Windows Windows Server This Windows version supports the process isolation
2019 runtime mode.
Micro Focus Fortify Software (22.1.0) Page 42 of 66
System Requirements
Hardware Requirements
Fortify recommends that you install Micro Focus Fortify WebInspect on Docker on a host that
conforms to the supported components listed in the following table and configure the container to
use these resources. Fortify does not support beta or pre-release versions of operating systems,
service packs, and required third-party components.
Component Requirement Notes
Processor 2.5 GHz quad- Complex applications might benefit from additional cores.
core or faster
RAM 16 GB Complex applications might benefit from additional memory.
Fortify recommends 32 GB of memory to scan with single-
page application (SPA) support.
Hard disk 40 GB Using SQL Express and storing scans locally requires
additional disk space per scan.
Fortify WebInspect Ports and Protocols
This section describes the ports and protocols Micro Focus Fortify WebInspect uses to make required
and optional connections.
Required Connections
The following table lists the ports and protocols Micro Focus Fortify WebInspect uses to make
required connections.
Direction Endpoint URL or Details Port Protocol Notes
Fortify Target host Scan target host Any HTTP Fortify WebInspect must
WebInspect connect to the web application
to target host or web service to be scanned.
Fortify SQL Server Express, SQLEXPRESS service on 1433 SQL TCP Used to maintain the scan data
WebInspect SQL Server localhost or SQL TCP and to generate reports within
to SQL Standard/Enterprise, service locally installed the Fortify WebInspect
database or Azure SQL Server or remote host application.
Micro Focus Fortify Software (22.1.0) Page 43 of 66
System Requirements
Direction Endpoint URL or Details Port Protocol Notes
Fortify Verisign CRL http://crl.verisign.com/ 80 HTTP Offline installations of Fortify
WebInspect pca3.crl WebInspect or Fortify
to Certificate WebInspect Enterprise require
or
Revocation you to manually download and
List (CRL) http://csc3-2004- apply the CRL from Verisign.
crl.verisign.com/ Fortify WebInspect products
CSC3-2004.crl prompt for these lists from
Windows and their absence can
cause problems with the
application. A one-time
download is sufficient, however
Fortify recommends that you
download the CRL as part of
regular maintenance.
Optional Connections
The following table lists the ports and protocols Micro Focus Fortify WebInspect uses to make
optional connections.
Direction Endpoint URL or Details Port Protocol Notes
Fortify Remote Fortify https://licenseservice. 443 HTTPS For one-time activation of a
WebInspect to Licensing fortify.microfocus.com over SSL Fortify WebInspect Named
Fortify License Service User license. You may
activation optionally use the following:
server l An offline activation
process instead of using
this direct connection
l Upstream proxy with
authentication instead of
a direct connection
Fortify Remote https://smartupdate. 443 HTTPS Used to automatically
WebInspect to SmartUpdate fortify.microfocus.com over SSL update the Fortify
SmartUpdate service WebInspect product.
server SmartUpdate is automatic
when opening the product
UI, but can be disabled and
run manually. Can
optionally use upstream
proxy with authentication
instead of a direct
connection.
Fortify Remote Fortify https://supportchannel. 443 HTTPS Used to retrieve product
WebInspect to Support fortify.microfocus.com over SSL marketing messages and to
Fortify Support Channel
Micro Focus Fortify Software (22.1.0) Page 44 of 66
System Requirements
Direction Endpoint URL or Details Port Protocol Notes
Channel server service upload Fortify WebInspect
data or product suggestions
to Micro Focus Fortify
Customer Support. Message
check is automatic when
opening the product UI, but
can be disabled and run
manually. Can optionally
use upstream proxy with
authentication instead of a
direct connection.
Fortify Remote Fortify https://telemetry.fortify.com 443 HTTPS The Telemetry service
WebInspect to WebInspect over SSL provides an automated
Fortify Telemetry and Note: Accessing this process for collecting and
WebInspect performance URL in a browser does sending Fortify WebInspect
Telemetry reporting not display any content. usage information to Micro
server service Focus. Our software
developers use this
information to help improve
the product.
Fortify Fortify Lease Concurrent User license 443 Web Required for Fortify
WebInspect to WebInspect services WebInspect client to lease
Fortify License LIM over SSL and use a Concurrent User
and license maintained in a LIM
(Local
Infrastructure license pool. You can detach
Licensing
Manager (LIM) the client license from LIM
Service)
after activation to avoid a
constant connection.
Fortify Local machine http://localhost:8083/ 8083 or HTTP Use to activate a Fortify
WebInspect API API, or network webinspect/api user- WebInspect API Windows
listener IP address specified Service. This opens a
listening port on your
machine, which you can use
locally or remotely to
generate scans and retrieve
the results
programmatically. This API
can be SSL enabled, and
supports Basic or Windows
authentication.
Fortify Fortify User-specified Fortify 443 or HTTP or The Enterprise Server menu
WebInspect to WebInspect WebInspect server user- HTTPS connects Fortify
Fortify Enterprise specified over SSL WebInspect as a client to
WebInspect server the enterprise security
Enterprise solution to transfer findings
and user role and
Micro Focus Fortify Software (22.1.0) Page 45 of 66
System Requirements
Direction Endpoint URL or Details Port Protocol Notes
permissions management.
Fortify Fortify User-specified Fortify 443 or HTTP or Separate from the Fortify
WebInspect WebInspect WebInspect server user- HTTPS WebInspect UI, you can
sensor service Enterprise specified over SSL configure the local
to Fortify server installation as a remote
WebInspect scan engine for use by the
Enterprise enterprise security solution
community. This is done
through a Windows Service.
This constitutes a different
product from Fortify
WebInspect desktop and is
recommended to be run on
its own, non-user-focused
machine.
Browser to localhost Manual Step-Mode Scan Dynamic, HTTP or Fortify WebInspect serves
Fortify 8081, or HTTPS as a web proxy to the
WebInspect user- over SSL browser, enabling manual
specified testing of the target web
server through Fortify
WebInspect.
Fortify QC server User-specified ALM server Server- HTTP or Permits submission of
WebInspect to specified HTTPS findings as defects to the
Quality Center over SSL ALM bug tracker.
Enterprise
(ALM)
Connections for Tools
The following table lists the ports and protocols that the Micro Focus Fortify WebInspect tools use to
make connections.
Tool Direction Endpoint Port Protocol Notes
Web Proxy To target host localhost 8080 or HTTP or Intercepts and displays web traffic
user- HTTPS
specified over SSL
Web Form To target host localhost Dynamic, HTTP or Intercepts web traffic and captures
Editor 8100, or HTTPS submitted forms
user- over SSL
specified
Login or To target host localhost Dynamic, HTTP or Records browser sessions for replay
Workflow 8081, or HTTPS during scan
Macro user- over SSL
Recorders specified
Micro Focus Fortify Software (22.1.0) Page 46 of 66
System Requirements
Tool Direction Endpoint Port Protocol Notes
Web Fortify WebInspect Target host User- HTTP and Scanner for identifying rogue web
Discovery machine to network specified HTTPS applications hosted among the targeted
targeted IP range range range over SSL scanned IP and port ranges
Use to provide targets to Fortify
WebInspect (manually)
Fortify WebInspect Agent
For system requirements, see "Fortify WebInspect Agent Requirements" below.
WebInspect Software Development Kit (SDK)
The WebInspect SDK requires the following software:
l Visual Studio 2019 (version 16.9.0)
l .NET Framework 4.8
Important! Visual Studio Express versions do not support third-party extensions. Therefore,
these versions do not meet the software requirements to use the WebInspect SDK.
Software Integrations for Fortify WebInspect
The following table lists products that you can integrate with Micro Focus Fortify WebInspect.
Product Versions
Micro Focus Fortify WebInspect Enterprise 21.2.0
Micro Focus Application Lifecycle Management (ALM) 11.5, 12.01, 12.21,
12.53
Note: You must also install the ALM Connectivity tool to connect
Fortify WebInspect to ALM.
Micro Focus Fortify Software Security Center 22.1.0
Micro Focus Unified Functional Testing 11.5
Fortify WebInspect Agent Requirements
Micro Focus Fortify WebInspect Agent technology is delivered for production application logging and
protection .
Micro Focus Fortify Software (22.1.0) Page 47 of 66
System Requirements
Platforms and Architectures
Fortify WebInspect Agent supports 32-bit and 64-bit applications written in Java 5, 6, 7, 8, and 10.
Java Runtime Environments
Fortify WebInspect Agent supports the Java runtime environments listed in the following table.
JRE Major Versions
IBM J9 5 (SR10 or later)
6 (SR6 or later)
Oracle HotSpot 5, 6, 7, 8
Oracle JRockit 5, 6 (R27.6 or later)
Note: The Java agent is supported on Windows, Linux, and Unix.
Java Application Servers
Fortify WebInspect Agent supports the Java application servers listed in the following table.
Application Server Versions
Apache Tomcat 6.0, 7.0, 8.0, 9.0
IBM WebSphere 7.0, 8.0, 8.5, 8.5.5
Oracle WebLogic 10.0, 10.3, 11g, 11gR1, 12c
Red Hat JBoss Enterprise Application Platform 7.3.0 and earlier
Jetty 9.3
WildFly 20.0.1 and earlier
.NET Frameworks
Fortify WebInspect Agent supports .NET Framework versions 2.0, 3.0, 3.5, 4.0, and 4.5–4.8.
Micro Focus Fortify Software (22.1.0) Page 48 of 66
System Requirements
IIS for Windows Server
Fortify WebInspect Agent supports Internet Information Services (IIS) versions 6.0, 7.0, 7.5, 8, 8.5, and
10.0.
Fortify WebInspect Enterprise Requirements
Before you install Micro Focus Fortify WebInspect Enterprise, make sure that your systems meet the
requirements described in this section. Fortify does not support beta or pre-release versions of
operating systems, service packs, or required third-party components.
Note: Product versions that are not specifically listed in this document are not supported.
Important Information About This Release
Micro Focus Fortify WebInspect Enterprise was not updated for the 22.1.0 release. However, Fortify
WebInspect Enterprise 21.2.0 is compatible with Fortify Software Security Center 22.1.0 and the
Fortify WebInspect 22.1.0 sensor.
Integrations for Fortify WebInspect Enterprise
You can integrate Micro Focus Fortify WebInspect Enterprise with the following components:
l Micro Focus Fortify WebInspect sensors 22.1.0
l Micro Focus Fortify WebInspect Agent 22.1.0
Fortify WebInspect Enterprise Database
Fortify recommends that you configure the database server on a separate machine from either Micro
Focus Fortify Software Security Center or Micro Focus Fortify WebInspect Enterprise.
The Fortify WebInspect Enterprise Server SQL database requires case-insensitive collation.
Important! This is opposite the requirement for Fortify Software Security Center databases as
described in "Fortify Software Security Center Database" on page 23.
Micro Focus Fortify Software (22.1.0) Page 49 of 66
System Requirements
WebInspect Enterprise Hardware Requirements
The following table lists the hardware requirements for the Micro Focus Fortify WebInspect
Enterprise server.
Component Requirement
Processor 3.0 GHz quad-core
RAM 16 GB
Hard disk 100+ GB
Display 1920 x 1080
WebInspect Enterprise Software Requirements
Micro Focus Fortify WebInspect Enterprise server runs on and works with the software packages
listed in the following table.
Package Versions Notes
Windows Windows Server 2016 Recommended
Windows Server 2019
.NET Platform .NET Framework 4.8
Web Server IIS 10 Recommended
IIS 7.5, 8.0, 8.5
SQL Server SQL Server 2019 Recommended
(English-language No scan database limit
versions only)
SQL Server 2017 No scan database limit
SQL Server 2016 SP2 No scan database limit
Browser Mozilla Firefox 75 or Recommended
later
Google Chrome 81 or
later
Micro Focus Fortify Software (22.1.0) Page 50 of 66
System Requirements
Package Versions Notes
Microsoft Edge 81 or
later
Internet Explorer 11
Administrative Console Requirements
This section describes the hardware and software requirements for the Micro Focus Fortify
WebInspect Enterprise Administrative Console.
You do not need to install the Fortify WebInspect Enterprise Administrative Console on the same
machine as the Web Console of the Fortify WebInspect Enterprise server. The two consoles have
different system requirements. In addition, you can install multiple Administrative Consoles on
different machines connected to the same Fortify WebInspect Enterprise server.
Hardware Requirements
The following table lists the hardware requirements for Fortify WebInspect Enterprise Administrative
Console.
Component Requirement Notes
Processor 2.5 GHz dual-core Minimum
RAM 4 GB Minimum
Hard disk 2 GB
Display 1980 x 1080 Recommended
1280 x 1024 Minimum
Micro Focus Fortify Software (22.1.0) Page 51 of 66
System Requirements
Software Requirements
The Fortify WebInspect Enterprise Administrative Console runs on and works with the software
packages listed in the following table.
Package Versions Notes
Windows Windows 10 Recommended
Windows 8.1
Windows Server 2016
Windows Server 2019
.NET .NET Framework 4.8
Fortify WebInspect Enterprise Ports and Protocols
This section describes the ports and protocols Micro Focus Fortify WebInspect Enterprise uses to
make required and optional connections.
Required Connections
The following table lists the ports and protocols Micro Focus Fortify WebInspect Enterprise uses to
make required connections.
URL or
Direction Endpoint Details Port Protocol Notes
Fortify WebInspect SQL Server SQL TCP 1433 or SQL TCP Used to maintain the scan data
Enterprise Manager Standard/Enterprise service on user- and full Enterprise environment.
server to SQL locally specified Custom configurations of
database installed or SQL Server are permitted,
remote host including port changes and
encrypted communication.
Fortify WebInspect Fortify Software User- 8180 or HTTP or As a modular add-on, Fortify
Enterprise Manager Security Center server specified user- HTTPS WebInspect Enterprise requires
machine to Fortify Fortify specified over SSL a connection to its core Fortify
Software Security Software Software Security Center
Center server Security server.
Center server
Note: This connection is
required only if you
integrate Fortify
WebInspect Enterprise
Micro Focus Fortify Software (22.1.0) Page 52 of 66
System Requirements
URL or
Direction Endpoint Details Port Protocol Notes
with Fortify Software
Security Center.
Sensor machines to Fortify WebInspect User- 443 or HTTPS Communication is two-way
Fortify WebInspect Enterprise server specified user- over SSL HTTP traffic, initiated in-bound
Enterprise Manager Fortify specified by the Fortify WebInspect
server WebInspect sensor machine.
Enterprise
server
Browser users to Fortify WebInspect User- 443 or HTTPS You can configure Fortify
Fortify WebInspect Enterprise server specified user- over SSL WebInspect Enterprise not to
Enterprise server UI Fortify specified use SSL, but tests indicate that
WebInspect it might affect the product
Enterprise usability.
server
Browser user to Fortify Software User- 8180 or HTTP or You can configure the Fortify
Fortify Software Security Center server specified user- HTTPS Software Security Center server
Security Center UI Fortify specified over SSL on any available port during
Software installation.
Security
Center server
Optional Connections
The following table lists the ports and protocols Micro Focus Fortify WebInspect Enterprise uses to
make optional connections.
Direction Endpoint URL or Details Port Protocol Notes
Fortify Fortify User-specified Fortify 443 or HTTPS Communication is two-way HTTP
WebInspect WebInspect WebInspect Enterprise user- over SSL traffic, initiated in-bound by the
desktop Enterprise server specified Fortify WebInspect desktop
machines to server machine.
Fortify
WebInspect
Enterprise
Manager
server
Micro Focus Fortify Software (22.1.0) Page 53 of 66
System Requirements
Direction Endpoint URL or Details Port Protocol Notes
Fortify Fortify https://licenseservice. 443 HTTPS For one-time activation of the
WebInspect Licensing fortify.microfocus.com over SSL Fortify WebInspect Enterprise
Enterprise Service server license as well as periodic
Manager checks during an update. You may
machine to optionally use the following:
Fortify License l An offline activation process
activation
instead of using this direct
server
connection
l Upstream proxy with
authentication instead of a
direct Internet connection
Important! If you use the
offline activation process,
then you must also use the
offline SmartUpdate process.
For more information, see the
Micro Focus Fortify
WebInspect Enterprise User
Guide or the WebInspect
Enterprise Administrative
Console help.
Micro Focus Fortify Software (22.1.0) Page 54 of 66
System Requirements
Direction Endpoint URL or Details Port Protocol Notes
Fortify SmartUpdate https://smartupdate. 443 HTTPS Used to acquire product updates
WebInspect fortify.microfocus.com over SSL as well as all connected clients
Enterprise (Fortify WebInspect sensors and
Manager Fortify WebInspect desktop). The
machine to administrator manually runs
SmartUpdate SmartUpdate, however Fortify
server recommends that you set up an
automated schedule. New client
releases are held in reserve until
the Fortify WebInspect Enterprise
administrator marks them as
Approved, at which time they are
automatically distributed from the
Fortify WebInspect Enterprise
Manager server. Can support the
use of an upstream proxy with
authentication instead of a direct
Internet connection.
Important! Access to the
SmartUpdate server also
requires access to the
licensing server. If you have
restrictions on outgoing
traffic, you must add both the
SmartUpdate server and the
licensing server to your allow
list.
Fortify User’s mail Email alerts 25 or SMTP Used for SMTP alerts for
WebInspect server user- administration team. To enable
Enterprise specified mobile TXT alerts, you can use an
Manager SMTP-to-SMS gateway address.
machine to
mail server
Fortify User’s SNMP SNMP alerts 162 or SNMP Used for SNMP alerts for
WebInspect Community user- administration team.
Enterprise specified
Manager
machine to
SNMP
Community
Micro Focus Fortify Software (22.1.0) Page 55 of 66
System Requirements
Connections for Tools
The following table lists the ports and protocols that the Micro Focus Fortify WebInspect Enterprise
tools use to make connections.
Tool Direction Endpoint Port Protocol Notes
Web Proxy To target localhost 8080 or HTTP or Intercepts and displays web traffic
web user-specified HTTPS
application over SSL
Web Form To target localhost Dynamic, 8100, HTTP or Intercepts web traffic and captures
Editor web or HTTPS submitted forms
application user-specified over SSL
Login or To target localhost Dynamic, 8081, HTTP or Records browser sessions for replay during
Workflow Macro web or HTTPS scan
Recorders application user-specified over SSL
Web Discovery To targeted localhost User-specified HTTP and Scanner for identifying rogue web
IP range range HTTPS applications hosted among the targeted
over SSL scanned IP and port ranges
Use to provide targets to Fortify
WebInspect (manually)
Fortify WebInspect Enterprise Sensor
A Micro Focus Fortify WebInspect Enterprise sensor is a Micro Focus Fortify WebInspect sensor that
runs scans on behalf of Fortify WebInspect Enterprise. See "Fortify WebInspect Requirements" on
page 39 for more information.
To run a scan from Fortify WebInspect Enterprise, you must have at least one instance of Fortify
WebInspect connected and configured as a sensor.
Fortify WebInspect Enterprise Notes and Limitations
l You can connect any instance of Micro Focus Fortify Software Security Center to only one instance
of Micro Focus Fortify WebInspect Enterprise, and you can connect any instance of Fortify
WebInspect Enterprise to only one instance of Fortify Software Security Center.
l For a Fortify WebInspect Enterprise environment to support Internet Protocol version 6 (IPv6), you
must deploy the IPv6 protocol on each Fortify WebInspect Enterprise Administrative Console, each
Fortify WebInspect Enterprise sensor, and the Fortify WebInspect Enterprise server.
Micro Focus Fortify Software (22.1.0) Page 56 of 66
System Requirements
Fortify Project Results (FPR) File Compatibility
Earlier versions of Micro Focus Fortify Software products cannot open and read FPR files generated
by later versions of Fortify Software products. For example, Micro Focus Fortify Audit Workbench
20.1.0 cannot read 22.1.0 FPR files. However, later versions of Fortify Software products can open
and read FPR files generated by earlier versions of Fortify Software products. For example, Fortify
Audit Workbench version 22.1.0 can open and read version 20.1.0 FPR files.
The FPR file version is determined as follows:
l The FPR version is the same as the version of the analyzer that initially generated it. For example,
an FPR generated by Fortify Software version 22.1.0 also has the version 22.1.0.
l The FPR version is the same as the version of the Micro Focus Fortify Software Security Center or
Micro Focus Fortify Static Code Analyzer Tool used to change or audit the FPR.
l If you merge two FPRs, the resulting FPR has the version of the more recently generated FPR. For
example, if you merge a version 20.1.0 FPR with a version 22.1.0 FPR, the resulting FPR has the
version 22.1.0.
You can only open 22.1.0 FPR files with Fortify Software Security Center or Fortify Static Code
Analyzer Tools versions 22.1.0 or later.
Caution Regarding Uploading FPRs to Fortify Software Security Center
Fortify Software Security Center keeps a project file that contains the latest scan results and audit
information for each application. Fortify Audit Workbench and the Secure Code Plugins also use this
project file for collaborative auditing.
Each time you upload an FPR to Fortify Software Security Center, it is merged with the existing
project file. If the FPR has a later version number than the existing project file, the existing project file
version changes to match the FPR. For Fortify Audit Workbench and the Secure Code Plugins to work
with the updated FPR, they must be at least the same version as the FPR. For example, Fortify Audit
Workbench 21.1.0 cannot open and read a 22.1.0 FPR.
Virtual Machine Support
You can run Micro Focus Fortify Software products on an approved operating system in virtual
machine environments. You must provide dedicated CPU and memory resources that meet the
minimum hardware requirements. If you find issues that cannot be reproduced on the native
environments with the recommended processing, memory, and disk resources, you must work with
the provider of the virtual environment to resolve them.
Note: If you run Fortify Software products in a VM environment, Fortify strongly recommends
that you have CPU and memory resources fully committed to the VM to avoid possible
performance degradation.
Micro Focus Fortify Software (22.1.0) Page 57 of 66
System Requirements
Technologies no Longer Supported in this Release
The following technologies and features are no longer supported in Fortify Software:
l Operating Systems (Fortify Static Code Analyzer and Applications)
l Windows 8.1
l macOS 10.15
l Build Tools (Fortify Static Code Analyzer)
l Gradle versions prior to version 5.0
l Xcodebuild 12, 12.0.1, 12.1, 12.2, 12.3, 12.4
l Compilers
l Clang 12.0.0
l Swiftc 5.3, 5.3.1, 5.3.2
l Kubernetes Cluster Deployment (Fortify Software Security Center):
l Kubernetes 1.18–1.19
l Helm 3.2-3.5
l Service Integrations
l Jira 7.x
Technologies to Lose Support in the Next Release
The technologies listed in this topic are scheduled for deprecation in the next Micro Focus Fortify
Software release.
Note: A deprecated technology is no longer recommended for use. Typically, the deprecated item
will be removed from the product in a future release. When a technology is deprecated, Fortify
recommends that you remove it from your workflow at your earliest convenience.
l Fortify Static Code Analyzer support for all Swift, Xcode, and Objective-C/C++ versions follows the
deprecation path Apple Inc. adopts.
l Xcodebuild 12.5, 12.5.1
l Clang 12.0.5
l Swiftc 5.4, 5.4.2
Micro Focus Fortify Software (22.1.0) Page 58 of 66
System Requirements
l Kubernetes Cluster Deployment (Fortify Software Security Center):
l Kubernetes 1.20–1.21
l Helm 3.6-3.7
l Secure Code Plugins:
l Visual Studio 2017
l Service Integrations
l Jira 8.0–8.12
Acquiring Fortify Software
Micro Focus Fortify Software is available as an electronic download. For instructions on how to
download the software from the Micro Focus Software Licenses and Downloads (SLD) portal
(https://sld.microfocus.com), click Contact Us / Self Help to review the videos and the Quick Start
Guide.
The following table lists the available packages and describes their contents.
File Name Description
Fortify_SCA_and_Apps_ Fortify Static Code Analyzer and Applications package for Windows
<version>_Windows.zip
This package includes:
l Fortify Static Code Analyzer and Applications installer, which
includes the following components:
l Fortify Static Code Analyzer
l Fortify Audit Workbench
l Fortify Custom Rules Editor
l Fortify Plugin for Eclipse (Eclipse Complete Plugin)
l Fortify Analysis Plugin for IntelliJ and Android Studio
l Fortify Extension for Visual Studio
l Fortify Scan Wizard
l Sample projects
l Fortify License and Infrastructure Manager installer
l Fortify Security Assistant Plugin for Eclipse
l Fortify Custom Rules Guide bundle
Micro Focus Fortify Software (22.1.0) Page 59 of 66
System Requirements
File Name Description
l About Fortify Software Documentation
Note: Fortify Software Security Content (Rulepacks and external
metadata) can be downloaded during the installation.
Fortify_SCA_and_Apps_ Signature file for the Fortify Static Code Analyzer and Applications
<version>_Windows.zip.sig package for Windows
Fortify_SCA_and_Apps_ Fortify Static Code Analyzer and Applications package for Linux
<version>_Linux.tar.gz
This package includes:
l Fortify Static Code Analyzer and Applications installer, which
includes the following components:
l Fortify Static Code Analyzer
l Fortify Audit Workbench
l Fortify Custom Rules Editor
l Fortify Plugin for Eclipse (Eclipse Complete Plugin)
l Fortify Analysis Plugin for IntelliJ and Android Studio
l Fortify Scan Wizard
l Sample applications
l Fortify Security Assistant Plugin for Eclipse
l Fortify Custom Rules Guide bundle
l About Fortify Software Documentation
Note: Fortify Software Security Content (Rulepacks and external
metadata) can be downloaded during the installation.
Fortify_SCA_and_Apps_ Signature file for Fortify Static Code Analyzer for Linux
<version>_Linux.tar.gz.sig
Fortify_SCA_and_Apps_ Fortify Static Code Analyzer and Applications package for macOS
<version>_Mac.tar.gz
This package includes:
l Fortify Static Code Analyzer and Applications installer, which
includes the following components:
Micro Focus Fortify Software (22.1.0) Page 60 of 66
System Requirements
File Name Description
l Fortify Static Code Analyzer
l Fortify Audit Workbench
l Fortify Custom Rules Editor
l Fortify Plugin for Eclipse (Eclipse Complete Plugin)
l Fortify Analysis Plugin for IntelliJ and Android Studio
l Fortify Scan Wizard
l Sample projects
l Fortify Security Assistant Plugin for Eclipse
l Fortify Custom Rules Guide bundle
l About Fortify Software Documentation
Note: Fortify Software Security Content (Rulepacks and external
metadata) can be downloaded during the installation.
Fortify_SCA_and_Apps_ Signature file for the Fortify Static Code Analyzer and Applications
<version>_Mac.tar.gz.sig package for macOS
Fortify_SCA_<version>_ Fortify Static Code Analyzer for Solaris
Solaris.tar.gz
This package includes:
l Fortify Static Code Analyzer installer
l Fortify Custom Rules Guide bundle
l About Fortify Software Documentation
Fortify_SCA_<version>_ Signature file for Fortify Static Code Analyzer for Solaris
Solaris.tar.gz.sig
Fortify_SCA_<version>_ Fortify Static Code Analyzer for AIX
AIX.tar.gz
This package includes:
l Fortify Static Code Analyzer installer
l Fortify Custom Rules Guide bundle
l About Fortify Software Documentation
Fortify_SCA_<version>_ Signature file for Fortify Static Code Analyzer for AIX
Micro Focus Fortify Software (22.1.0) Page 61 of 66
System Requirements
File Name Description
AIX.tar.gz.sig
Fortify_SSC_Server_ Fortify Software Security Center package
<version>.zip
This package includes:
l Fortify Software Security Center WAR file
l Fortify seed bundles
l About Fortify Software Documentation
Fortify_SSC_Server_ Signature file for Fortify Software Security Center
<version>.zip.sig
Fortify_ScanCentral_ Fortify ScanCentral SAST Controller package
Controller_<version>.zip
This package includes:
l Fortify ScanCentral SAST
l ScanCentral standalone client
l About Fortify Software Documentation
Fortify_ScanCentral_ Signature file for Fortify ScanCentral SAST Controller
Controller_<version>.zip.sig
ScanCentral_DAST_ Fortify ScanCentral DAST package
<version>.zip
This package includes:
l DAST.ConfigurationToolCLI.exe
l scancentral-dast-config.tar (Docker container with the
DAST.ConfigurationToolCLI.exe and SecureBase)
l SampleSettingsFile.json
l SampleSettingsFile.yaml
l ScanCentral DAST - Sensor Service.zip (sensor service and
supporting bits)
l appsettings.json (configures the sensor service)
l Dynamic_Addons.zip (installers for optional FAST and Scan
Scaling components)
l About Fortify Software Documentation
ScanCentral_DAST_ Signature file for Fortify ScanCentral DAST
Micro Focus Fortify Software (22.1.0) Page 62 of 66
System Requirements
File Name Description
<version>.zip.sig
SecurityToolkit_ Fortify WebInspect Toolkit package for use with Fortify WebInspect
<version>.zip Enterprise
WebInspect_64_ Fortify WebInspect 64-bit package
<version>.zip
This package includes:
l Installer
l About Fortify Software Documentation
WebInspect_Agent_ Fortify WebInspect Agent package
<version>.zip
WI_Enterprise_ Fortify WebInspect Enterprise package
<version>.zip
This package includes the following components:
l Fortify WebInspect Enterprise server
l Fortify WebInspect Enterprise Administrative Console
l About Fortify Software Documentation
About Verifying Software Downloads
This topic describes how to verify the digital signature of the signed file that you downloaded from
the Micro Focus Fortify Customer Support site. Verification ensures that the downloaded package has
not been altered since it was signed and posted to the site. Before proceeding with verification,
download the Fortify Software product files and their associated signature (*.sig) files. You are not
required to verify the package to use the software, but your organization might require it for security
reasons.
Preparing Your System for Digital Signature Verification
Note: These instructions describe a third-party product and might not match the specific,
supported version you are using. See your product documentation for the instructions for your
version.
To prepare your system for electronic media verification:
1. Navigate to the GnuPG site (http://www.gnupg.org).
2. Download and install GnuPG Privacy Guard.
Micro Focus Fortify Software (22.1.0) Page 63 of 66
System Requirements
3. Generate a private key, as follows:
a. Run the following command (on a Windows system, run the command without the $ prompt):
$ gpg --gen-key
b. When prompted for key type, select DSA and Elgamal.
c. When prompted for a key size, select 2048.
d. When prompted for the length of time the key should be valid, select key does not
expire.
e. Answer the user identification questions and provide a passphrase to protect your private
key.
4. Download the Micro Focus GPG public keys (compressed tar file) from
https://mysupport.microfocus.com/documents/10180/0/MF_public_keys.tar.gz.
5. Extract the public keys.
6. Import each downloaded key with GnuPG with the following command:
gpg --import <path_to_key>/<key_file>
Verifying Software Downloads
To verify that the signature file matches the downloaded software package:
1. Navigate to the directory where you stored the downloaded package and signature file.
2. Run the following command:
gpg --verify <file>.sig <filename>
For example:
gpg --verify Fortify_SSC_Server_22.1.0.zip.sig Fortify_SSC_Server_
22.1.0.zip
3. Examine the output to make sure that you receive verification that the software you downloaded
is signed by Micro Focus Group Limited and is unaltered. Your output will include something
similar to the following:
gpg: Signature made Wed, May 04, 2022 10:15:10 AM PDT using RSA key ID
AB42A5CF
gpg: Good signature from "Micro Focus Group Limited RS A2048 1"
Note: A warning message might indicate that the public key is not known to the system. You can
ignore this warning or set up your environment to trust these public keys.
Assistive Technologies (Section 508)
In accordance with section 508 of the Rehabilitation Act, Micro Focus Fortify Audit Workbench has
been engineered to work with the JAWS screen reading software package from Freedom Scientific.
Micro Focus Fortify Software (22.1.0) Page 64 of 66
System Requirements
JAWS provides text-to-speech support for use by the visually impaired. With JAWS, labels, text boxes,
and other textual components can be read aloud, providing greater access to these technologies.
Micro Focus Fortify Software Security Center works well with the ChromeVox screen reader.
Micro Focus Fortify Software (22.1.0) Page 65 of 66
Send Documentation Feedback
If you have comments about this document, you can contact the documentation team by email.
Note: If you are experiencing a technical issue with our product, do not email the documentation
team. Instead, contact Micro Focus Fortify Customer Support at
https://www.microfocus.com/support so they can assist you.
If an email client is configured on this computer, click the link above to contact the documentation
team and an email window opens with the following information in the subject line:
Feedback on System Requirements (Fortify Software 22.1.0)
Just add your feedback to the email and click send.
If no email client is available, copy the information above to a new message in a web mail client, and
send your feedback to [email protected].
We appreciate your feedback!
Micro Focus Fortify Software (22.1.0) Page 66 of 66
You might also like
- FortiADC Deployment Guide. High-Performance SSL Inspection With FortiADC and FortiGateNo ratings yetFortiADC Deployment Guide. High-Performance SSL Inspection With FortiADC and FortiGate50 pages
- Endpoint Product Removal User Guide 21.11No ratings yetEndpoint Product Removal User Guide 21.1115 pages
- Security Hardening Guide For NetApp ONTAP 9No ratings yetSecurity Hardening Guide For NetApp ONTAP 935 pages
- Mussa TikTok Automatiom (Creativity Program)100% (2)Mussa TikTok Automatiom (Creativity Program)4 pages
- Administrative Guide v4.8.5.0 - U16 SP2 1No ratings yetAdministrative Guide v4.8.5.0 - U16 SP2 1686 pages
- Cybersecurity Foundations Lab 3: Creating A Zero Trust EnvironmentNo ratings yetCybersecurity Foundations Lab 3: Creating A Zero Trust Environment28 pages
- SOA Patterns With BizTalk Server 2013 and Microsoft Azure - Second Edition - Sample ChapterNo ratings yetSOA Patterns With BizTalk Server 2013 and Microsoft Azure - Second Edition - Sample Chapter26 pages
- Reference Architecture: Lenovo Client Virtualization With Citrix XendesktopNo ratings yetReference Architecture: Lenovo Client Virtualization With Citrix Xendesktop74 pages
- Configuring Fault Tolerance With A Dell Networking R1-2210 in A VRTX ChassisNo ratings yetConfiguring Fault Tolerance With A Dell Networking R1-2210 in A VRTX Chassis51 pages
- HCL Unica 12.1 Supported Environments: Recommended Software Environments and Minimum System RequirementsNo ratings yetHCL Unica 12.1 Supported Environments: Recommended Software Environments and Minimum System Requirements19 pages
- NEW Installation Guide For ArcSight ESM 7.0 (Compact Mode)No ratings yetNEW Installation Guide For ArcSight ESM 7.0 (Compact Mode)77 pages
- The Dog Whisperer'S Handbook 3: A Hacker'S Guide To The Bloodhound GalaxyNo ratings yetThe Dog Whisperer'S Handbook 3: A Hacker'S Guide To The Bloodhound Galaxy53 pages
- An Overview of The Veracode Application Security Solution Application AnalysisNo ratings yetAn Overview of The Veracode Application Security Solution Application Analysis8 pages
- Dell Emc Poweredge r250 Technical GuideNo ratings yetDell Emc Poweredge r250 Technical Guide50 pages
- Alberto Benjamin Site Reliability Engineer/ Lead (SRE) : Professional SummaryNo ratings yetAlberto Benjamin Site Reliability Engineer/ Lead (SRE) : Professional Summary6 pages
- Advanced Certification in DevOps Cloud ComputingNo ratings yetAdvanced Certification in DevOps Cloud Computing14 pages
- Security Best Practice - Hardening GuideNo ratings yetSecurity Best Practice - Hardening Guide12 pages
- Brochure Wharton Fintech 04-05-2022 V16No ratings yetBrochure Wharton Fintech 04-05-2022 V1614 pages
- Assignment Operation Management Jayeseelan100% (1)Assignment Operation Management Jayeseelan17 pages
- Gartner Magic Quadrant For SIEM Products (2010-2020) - Info Security MemoNo ratings yetGartner Magic Quadrant For SIEM Products (2010-2020) - Info Security Memo7 pages
- Colour Composite and Classification in IdrisiNo ratings yetColour Composite and Classification in Idrisi3 pages
- Best Practices For DevOps Advanced Deployment PatternsNo ratings yetBest Practices For DevOps Advanced Deployment Patterns11 pages
- Advantage Pro: Enquiry@vectratech - in 91-44-28263529 /30No ratings yetAdvantage Pro: Enquiry@vectratech - in 91-44-28263529 /30150 pages
- Detection and Location of PD in MV Cables in Electrically Noisy Industrial EnvironmentsNo ratings yetDetection and Location of PD in MV Cables in Electrically Noisy Industrial Environments4 pages
- Pressure Sensitive Safety Edge System ManualNo ratings yetPressure Sensitive Safety Edge System Manual24 pages
- Sophos Central Endpoint - Sophos AutoUpdate Service Is MissingNo ratings yetSophos Central Endpoint - Sophos AutoUpdate Service Is Missing2 pages
- 1.eastron SDM230-2T Smart Meter Modbus Protocol Implementation V1.1No ratings yet1.eastron SDM230-2T Smart Meter Modbus Protocol Implementation V1.120 pages
- Exploring The Research Trend of Smart Factory With Topic ModelingNo ratings yetExploring The Research Trend of Smart Factory With Topic Modeling15 pages
- Raspberry Pi Begginer Guide 2020 Part 4No ratings yetRaspberry Pi Begginer Guide 2020 Part 410 pages
- Approaches For Management and Decision Support in The Smart City ConceptNo ratings yetApproaches For Management and Decision Support in The Smart City Concept7 pages
