Fortify documentation

Question

Where can I find documentation on Fortify and what documentation is available?

Answer

See OpenText website for Fortify documentation: https://www.microfocus.com/documentation/

Note that new documentation is generally not released along with “patch” releases, only the major Fortify version updates (v19.2, v20.1, etc.).

See the sections below for links to documentation for specific Fortify tools.

Fortify Static Code Analyzer (SCA)

See OpenText website for Fortify documentation: https://www.microfocus.com/documentation/fortify-static-code/

All aspects of Fortify are documented, however the following are most likely to be useful for VA developers:

Document Filename Old Filename Description
OpenText Static Application Security Testing User Guide (formerly: OpenText Fortify Static Code Analyzer User Guide) sast-ugd-<version>.pdf SCA_Guide_<version>.pdf This will answer most Fortify translation and scan questions
Now included in SAST User Guide (formerly: OpenText Fortify Software System Requirements) N/A Fortify_Sys_Reqs_<version>.pdf This will answer questions about which languages (and versions), compilers, and operating systems are supported by Fortify
OpenText Fortify Audit Workbench User Guide awb-ugd-<version>.pdf AWB_Guide_<version>.pdf How to use Audit Workbench
OpenText Fortify Plugin for Eclipse ep-ugd-<version>.pdf Eclipse_Plugins_Guide_<version>.pdf How to install and use the Eclipse plugin
OpenText Fortify Extension for Visual Studio User Guide vse-ugd-<version>.pdf VS_Ext_Guide_<version>.pdf How to install and use the Visual Studio plugin
OpenText Fortify Analysis Plugin for IntelliJ IDEA and Android Studio User Guide iap-ugd-<version>.pdf N/A How to install and use the IntelliJ IDEA and Android Studio plugin
OpenText Static Application Security Testing Custom Rules Guide (formerly: OpenText Fortify Custom Rules Guide) sast-cr-ugd-<version>.pdf SCA_Cust_Rules_Guide_<version>.zip Information on how to create custom rules. This document is included in the Fortify SCA distribution package.

Fortify Software Security Center (SSC)

See OpenText website for Fortify documentation: https://www.microfocus.com/documentation/fortify-software-security-center/

All aspects of Fortify are documented, however the following are most likely to be useful for VA developers:

Document Filename Description  
OpenText Application Security User Guide (formerly: OpenText Fortify Software Security Center User Guide) ssc-ugd-<version>.pdf SSC_Guide_<version>.pdf This will answer most questions on how to install and use the Fortify SSC
Now included in Application Security User Guide (formerly: OpenText Fortify Software System Requirements) N/A Fortify_Sys_Reqs_<version>.pdf This will answer questions about which languages (and versions), compilers, and operating systems are supported by Fortify
OpenText Fortify ScanCentral SAST Installation, Configuration, and Usage Guide sc-sast-ugd-<version>.pdf ScanCentral_Guide_<version>.pdf This will answer most questions on how to install and use Fortify ScanCentral SAST

Additional documents available at the above documentation link for guides to database performance and maintenance and deploying with Kubernetes.

Fortify CI Server Plugins

See OpenText website for Fortify documentation:

Fortify Jenkins Plugin: https://www.microfocus.com/documentation/fortify-jenkins-plugin/

Fortify Plugin for Bamboo: https://www.microfocus.com/documentation/fortify-plugin-for-bamboo/

Fortify Azure DevOps Extension: https://www.microfocus.com/documentation/fortify-azure-devops-extension/

Other Documentation

Fortify extension for Visual Studio Code: https://www.microfocus.com/documentation/fortify-visual-studio-code/