Fortify documentation
Question
Where can I find documentation on Fortify and what documentation is available?
Answer
See OpenText website for Fortify documentation: https://www.microfocus.com/documentation/
Note that new documentation is generally not released along with “patch” releases, only the major Fortify version updates (v19.2, v20.1, etc.).
See the sections below for links to documentation for specific Fortify tools.
Fortify Static Code Analyzer (SCA)
See OpenText website for Fortify documentation: https://www.microfocus.com/documentation/fortify-static-code/
All aspects of Fortify are documented, however the following are most likely to be useful for VA developers:
Document | Filename | Old Filename | Description |
---|---|---|---|
OpenText Static Application Security Testing User Guide (formerly: OpenText Fortify Static Code Analyzer User Guide) | sast-ugd-<version>.pdf | SCA_Guide_<version>.pdf | This will answer most Fortify translation and scan questions |
Now included in SAST User Guide (formerly: OpenText Fortify Software System Requirements) | N/A | Fortify_Sys_Reqs_<version>.pdf | This will answer questions about which languages (and versions), compilers, and operating systems are supported by Fortify |
OpenText Fortify Audit Workbench User Guide | awb-ugd-<version>.pdf | AWB_Guide_<version>.pdf | How to use Audit Workbench |
OpenText Fortify Plugin for Eclipse | ep-ugd-<version>.pdf | Eclipse_Plugins_Guide_<version>.pdf | How to install and use the Eclipse plugin |
OpenText Fortify Extension for Visual Studio User Guide | vse-ugd-<version>.pdf | VS_Ext_Guide_<version>.pdf | How to install and use the Visual Studio plugin |
OpenText Fortify Analysis Plugin for IntelliJ IDEA and Android Studio User Guide | iap-ugd-<version>.pdf | N/A | How to install and use the IntelliJ IDEA and Android Studio plugin |
OpenText Static Application Security Testing Custom Rules Guide (formerly: OpenText Fortify Custom Rules Guide) | sast-cr-ugd-<version>.pdf | SCA_Cust_Rules_Guide_<version>.zip | Information on how to create custom rules. This document is included in the Fortify SCA distribution package. |
Fortify Software Security Center (SSC)
See OpenText website for Fortify documentation: https://www.microfocus.com/documentation/fortify-software-security-center/
All aspects of Fortify are documented, however the following are most likely to be useful for VA developers:
Document | Filename | Description | |
---|---|---|---|
OpenText Application Security User Guide (formerly: OpenText Fortify Software Security Center User Guide) | ssc-ugd-<version>.pdf | SSC_Guide_<version>.pdf | This will answer most questions on how to install and use the Fortify SSC |
Now included in Application Security User Guide (formerly: OpenText Fortify Software System Requirements) | N/A | Fortify_Sys_Reqs_<version>.pdf | This will answer questions about which languages (and versions), compilers, and operating systems are supported by Fortify |
OpenText Fortify ScanCentral SAST Installation, Configuration, and Usage Guide | sc-sast-ugd-<version>.pdf | ScanCentral_Guide_<version>.pdf | This will answer most questions on how to install and use Fortify ScanCentral SAST |
Additional documents available at the above documentation link for guides to database performance and maintenance and deploying with Kubernetes.
Fortify CI Server Plugins
See OpenText website for Fortify documentation:
Fortify Jenkins Plugin: https://www.microfocus.com/documentation/fortify-jenkins-plugin/
Fortify Plugin for Bamboo: https://www.microfocus.com/documentation/fortify-plugin-for-bamboo/
Fortify Azure DevOps Extension: https://www.microfocus.com/documentation/fortify-azure-devops-extension/
Other Documentation
Fortify extension for Visual Studio Code: https://www.microfocus.com/documentation/fortify-visual-studio-code/