Working with the Fortify Software Security Center (SSC) API

  • Published 31 Jul 2024
  • This demo by Jan Wienand goes deep into Fortify’s Software Security Center (SSC) API. The SSC API is the central place where you can exchange data: you can request data from it or post data to it, and it communicates with SSC itself. There’s Swagger documentation that shows what you can do with the SSC API.
    After a brief overview, Jan dives into 3 examples before finishing with some tips and tricks.
    3:08 Overview of 3 use cases
    4:26 Use Case #1: Create Tokens
    8:40 Use Case #2: Upload test results
    12:38 Use Case #3: Create new version of an application
    17:30 Tips and tricks
    - Using Swagger interface
    - Play around with Sandbox
    - Developer tools in browser
    Check out the GitHub repository mentioned in the video: github.com/janwienand/ssc-api
    LEARN MORE about Fortify: www.microfocus.com/en-us/solu...
    LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: software.microfocus.com/en-us...
    LEARN MORE about how Fortify received the highest score in the Gartner Critical Capabilities for Application Security Testing report for the Enterprise use case AND the Mobile and Client use case: www.microfocus.com/en-us/asse...
    SUBSCRIBE TO FORTIFY UNPLUGGED: / @fortifyunplugged
    CONNECT with the Fortify Online Community: community.microfocus.com/t5/F...
    - Connect with peers and share your knowledge
    - Find solutions and answers to your technical questions
    - Stay informed on new releases and product enhancements
    - Access downloads, demos, videos and support tips
  • Science & Technology

COMMENTS • 10

  • @stephenhookings1985 3 years ago

    Nice video Jan. I often use the F12 to copy what the UI does. But it always feels a bit naughty. What you have done here is great - I am pretty much doing the same things in Python but now at least I can see I am more or less doing what you do.
    I would prefer in the Swagger - some extra examples would be cool. But really appreciate the video.

    • @FortifyUnplugged 3 years ago

      Thank you for the feedback! Jan asked if you had any specific requests on the examples. Based on this, we could create another video showing those examples.

  • @prasadgattu4550 2 years ago

    Good one. Do you know how to access all issues specific to a Project Version from Fortify SSC with REST API?

    • @FortifyUnplugged 2 years ago

      You should probably use the GET /projectVersions/{parentId}/issues endpoint, where {parentId} is the Application Version ID

  • @sureshkamble1526 10 months ago

    How can I compare two scan reports of the same application to find closed vulnerabilities in a DAST scan?
    WebInspect may generate reports with non-comparable data, especially when dealing with network attacks or other types of vulnerabilities that are not directly related to the web application itself. Network attack data may include information about network configurations, firewall rules, or other network-specific details that are not relevant to tracking web application vulnerabilities.
    Does WebInspect provide any automated approach to find the closed vulnerabilities from the tool side between scans?

    • @FortifyUnplugged 10 months ago

      This is pretty complex and will require a more detailed explanation. Please reach out to our support team for assistance: www.microfocus.com/en-us/support

  • @mamadoubobodiallo1575 6 months ago

    Hello, good job. Please, how can I list the versions of a desired Application?

    • @FortifyUnplugged 6 months ago

      Thanks for the feedback! I suggest that you have a closer look at the /projectVersions list option and filter for your application. Otherwise I can recommend using our fcli. There is also another video on our channel about this: ua-cam.com/video/sCMbU_s7hME/v-deo.htmlsi=MhALhHxM7HvgeVD_

  • @prajaktakasbe6581 3 years ago

    How do I access Fortify SSC?

    • @FortifyUnplugged 3 years ago

      Do you currently have Fortify SCA or WebInspect? You won't be able to access Fortify SSC without a license to one of those.