Micro Focus  
Fortify Software  
Software Version: 23.1.0  
System Requirements  
Document Release Date: May 2023  
Software Release Date: May 2023  
System Requirements  
Legal Notices  
Open Text Corporation  
275 Frank Tompa Drive, Waterloo, Ontario, Canada, N2L 0A1  
Copyright Notice  
Copyright 2001 - 2023 Open Text.  
The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are as may be set forth  
in the express warranty statements accompanying such products and services. Nothing herein should be construed as  
constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein.  
The information contained herein is subject to change without notice.  
Trademark Notices  
“OpenText” and other Open Text trademarks and service marks are the property of Open Text or its affiliates. All other  
trademarks or service marks are the property of their respective owners.  
Documentation Updates  
The title page of this document contains the following identifying information:  
l
Software Version number  
l
Document Release Date, which changes each time the document is updated  
l
Software Release Date, which indicates the release date of this version of the software  
This document was produced on May 08, 2023. To check for recent updates or to verify that you are using the most recent  
edition of a document, go to:  
https://www.microfocus.com/support/documentation  
Micro Focus Fortify Software (23.1.0)  
Page 2 of 64  
System Requirements  
Contents  
Preface  
7
7
7
7
7
Contacting Micro Focus Fortify Customer Support  
For More Information  
About the Documentation Set  
Fortify Product Feature Videos  
Introduction  
8
8
8
Software Delivery  
Software Licenses  
Fortify License and Infrastructure Manager Requirements  
Hardware Requirements  
8
9
Software Requirements  
9
LIM on Docker Requirements  
10  
Fortify ScanCentral DAST Requirements  
Architectural Best Practices  
10  
10  
10  
11  
11  
11  
12  
12  
12  
13  
13  
13  
13  
13  
14  
14  
14  
15  
15  
16  
16  
16  
Fortify ScanCentral DAST Configuration Tool CLI  
Software Requirements  
Hardware Requirements  
Fortify ScanCentral DAST Database Requirements  
Database Recommendations  
Important Recommendation About Disk I/O  
Fortify ScanCentral DAST Core Components VM  
Software Requirements  
Hardware Requirements  
Fortify ScanCentral DAST Sensor  
Fortify WebInspect on Docker Option  
Classic Fortify WebInspect Installation Option  
Fortify ScanCentral DAST Ports and Protocols  
DAST API Required Connections  
DAST Global Service Required Connections  
DAST Sensor Required Connections  
DAST Utility Service Required Connections  
Fortify ScanCentral DAST Browsers  
Standalone Web Macro Recorder Requirements  
Running as Administrator  
Micro Focus Fortify Software (23.1.0)  
Page 3 of 64  
System Requirements  
Software Integrations for Fortify ScanCentral DAST  
16  
Fortify ScanCentral SAST Requirements  
17  
17  
17  
17  
18  
18  
18  
18  
18  
19  
19  
19  
Fortify ScanCentral SAST Controller Requirements  
Fortify ScanCentral SAST Controller Hardware Requirements  
Fortify ScanCentral SAST Controller Platforms and Architectures  
Fortify ScanCentral SAST Controller Application Server  
Fortify ScanCentral SAST Client and Sensor Requirements  
Fortify ScanCentral SAST Client and Sensor Hardware Requirements  
Sensor Disk Space Requirements  
Fortify ScanCentral SAST Client and Sensor Software Requirements  
Fortify ScanCentral SAST Sensor Languages and Build Tools  
Languages  
Build Tools  
Fortify Software Security Center Server Requirements  
Hardware Requirements  
20  
20  
20  
Database Hardware Requirements  
Database Performance Metrics for Minimum and Recommended Hardware  
Requirements  
21  
21  
21  
22  
Platforms and Architectures  
Application Servers  
Fortify Software Security Center Database  
Deploying Fortify Software Security Center to a Kubernetes Cluster (Optional  
Deployment Strategy)  
23  
23  
23  
23  
24  
24  
24  
25  
25  
25  
25  
Kubernetes Cluster Requirements  
Locally-Installed Tools Required  
Additional Requirements  
Browsers  
Authentication Systems  
Single Sign-On (SSO)  
BIRT Reporting  
(Linux with OpenJDK only) Installing Required Fonts  
(Non-GUI Linux Operating System only) Installing Required Libraries  
Service Integrations for Fortify Software Security Center  
Fortify Static Code Analyzer Requirements  
Hardware Requirements  
Software Requirements  
26  
26  
26  
27  
27  
Platforms and Architectures  
Languages  
Micro Focus Fortify Software (23.1.0)  
Page 4 of 64  
System Requirements  
Libraries, Frameworks, and Technologies  
29  
34  
34  
35  
Build Tools  
Compilers  
Fortify Software Security Content  
Fortify Static Code Analyzer Applications and Tools Requirements  
Hardware Requirements  
35  
35  
35  
36  
36  
37  
38  
38  
Software Requirements  
Platforms and Architectures  
Service Integrations for Fortify Applications and Tools  
Secure Code Plugins  
Single Sign-On (SSO)  
BIRT Reports  
Fortify WebInspect Requirements  
WebInspect Hardware Requirements  
WebInspect Software Requirements  
Support for Postman  
38  
39  
39  
40  
41  
41  
42  
42  
42  
42  
43  
45  
45  
46  
46  
Notes on SQL Server Editions  
WebInspect on Docker  
Notes on Image Databases  
Hardware Requirements  
Fortify WebInspect Ports and Protocols  
Required Connections  
Optional Connections  
Connections for Tools  
Fortify WebInspect Agent  
WebInspect Software Development Kit (SDK)  
Software Integrations for Fortify WebInspect  
Fortify WebInspect Agent Requirements  
Platforms and Architectures  
Java Runtime Environments  
Java Application Servers  
.NET Frameworks  
46  
46  
47  
47  
47  
47  
IIS for Windows Server  
Fortify WebInspect Enterprise Requirements  
Important Information About This Release  
Integrations for Fortify WebInspect Enterprise  
Fortify WebInspect Enterprise Database  
48  
48  
48  
48  
48  
WebInspect Enterprise Hardware Requirements  
Micro Focus Fortify Software (23.1.0)  
Page 5 of 64  
System Requirements  
WebInspect Enterprise Software Requirements  
49  
49  
50  
50  
50  
51  
52  
54  
54  
54  
Administrative Console Requirements  
Hardware Requirements  
Software Requirements  
Fortify WebInspect Enterprise Ports and Protocols  
Required Connections  
Optional Connections  
Connections for Tools  
Fortify WebInspect Enterprise Sensor  
Fortify WebInspect Enterprise Notes and Limitations  
Fortify Project Results (FPR) File Compatibility  
Virtual Machine Support  
55  
55  
56  
56  
Technologies no Longer Supported in this Release  
Technologies to Lose Support in the Next Release  
Acquiring Fortify Software  
57  
62  
62  
63  
About Verifying Software Downloads  
Preparing Your System for Digital Signature Verification  
Verifying Software Downloads  
Assistive Technologies (Section 508)  
63  
Send Documentation Feedback  
64  
Micro Focus Fortify Software (23.1.0)  
Page 6 of 64  
System Requirements  
Preface  
Contacting Micro Focus Fortify Customer Support  
Visit the Support website to:  
l
Manage licenses and entitlements  
l
Create and manage technical assistance requests  
l
Browse documentation and knowledge articles  
l
Download software  
l
Explore the Community  
https://www.microfocus.com/support  
For More Information  
For more information about Fortify software products:  
https://www.microfocus.com/cyberres/application-security  
About the Documentation Set  
The Fortify Software documentation set contains installation, user, and deployment guides for all  
Fortify Software products and components. In addition, you will find technical notes and release notes  
that describe new features, known issues, and last-minute updates. You can access the latest versions  
of these documents from the following Micro Focus Product Documentation website:  
https://www.microfocus.com/support/documentation  
To be notified of documentation updates between releases, subscribe to Fortify Product  
Announcements on the Micro Focus Community:  
https://community.microfocus.com/cyberres/fortify/w/fortify-product-announcements  
Fortify Product Feature Videos  
You can find videos that highlight Fortify products and features on the Fortify Unplugged YouTube  
channel:  
https://www.youtube.com/c/FortifyUnplugged  
Micro Focus Fortify Software (23.1.0)  
Page 7 of 64  
 
 
 
 
 
System Requirements  
Introduction  
This document provides the details about the environments and products that Fortify supports for  
this version of Fortify Software, which includes:  
l
Fortify License and Infrastructure Manager  
l
Fortify ScanCentral DAST  
l
Fortify ScanCentral SAST  
l
Fortify Software Security Center Server  
l
Fortify Static Code Analyzer  
l
Fortify Static Code Analyzer Applications and Tools (including Secure Code Plugins)  
l
Fortify WebInspect  
l
Fortify WebInspect Agent  
l
Fortify WebInspect Enterprise  
Software Delivery  
Micro Focus Fortify Software is delivered electronically. See "Acquiring Fortify Software" on page 57  
for more information.  
Software Licenses  
Fortify Software products require a license. For Fortify ScanCentral DAST, Fortify Static Code  
Analyzer, Fortify WebInspect, and Fortify WebInspect Enterprise, you will receive an email with  
instructions for how to activate your product.  
For all other Fortify Software products described in this document (including Fortify Static Code  
Analyzer and Secure Code Plugins), you must download the Fortify license file for your purchase from  
the Micro Focus Software Licenses and Downloads (SLD) portal (https://sld.microfocus.com). Use the  
credentials that Micro Focus Fortify Customer Support has provided for access.  
Note: Using Fortify License and Infrastructure Manager (LIM) to manage concurrent licenses for  
Fortify Static Code Analyzer requires LIM version 21.2.0 or later.  
Fortify License and Infrastructure Manager  
Requirements  
This section describes the hardware and software requirements for Fortify License and Infrastructure  
Manager (LIM).  
Micro Focus Fortify Software (23.1.0)  
Page 8 of 64  
 
 
 
System Requirements  
Hardware Requirements  
Fortify recommends that you install the LIM on a system that conforms to the supported components  
listed in following table.  
Component  
Requirement  
Notes  
Processor  
2.5 GHz single-core or faster Recommended  
1.5 GHz single-core  
2+ GB  
Minimum  
RAM  
Recommended  
Minimum  
1 GB  
Hard disk  
Display  
50+ GB  
Recommended  
Minimum  
20 GB  
1280 x 1024  
1024 x 768  
Recommended  
Minimum  
Software Requirements  
LIM runs on and works with the software packages listed in the following table. Beta or pre-release  
versions of operating systems, service packs, and required third-party components are not supported.  
Package  
Versions  
Notes  
Windows Server  
Windows Server 2019  
Windows Server 2022  
IIS 8.5  
Web Server  
Recommended  
IIS 7.5, 8.0, 10  
.NET Framework 4.8  
ASP.NET 4.8  
.NET Platform  
Micro Focus Fortify Software (23.1.0)  
Page 9 of 64  
 
 
System Requirements  
LIM on Docker Requirements  
LIM on Docker has the requirements listed in the following table.  
Software  
Version  
Windows  
Windows Server 2019  
18.09 or later  
Docker Enterprise  
Fortify ScanCentral DAST Requirements  
Before you install Fortify ScanCentral DAST, make sure that your system meets the requirements  
described in this section. Fortify does not support beta or pre-release versions of operating systems,  
service packs, or required third-party components.  
Architectural Best Practices  
The Fortify ScanCentral DAST core components are available as Docker images only. The Fortify  
WebInspect sensor is either a Docker image or a Windows computer with both Fortify WebInspect and  
the Fortify ScanCentral DAST sensor service installed.  
Follow these best practice guidelines when you configure Fortify ScanCentral DAST:  
l
Run the DAST API, DAST Global Service, DAST Utility Service, and Fortify License and  
Infrastructure Manager (LIM) Docker containers on the same VM or on separate VMs.  
l
Do not run the Fortify WebInspect sensor (container or classic installation) on the same VM as any  
of the other DAST components.  
For more information about the Fortify ScanCentral DAST components, see the Micro Focus Fortify  
ScanCentral DAST Configuration and Usage Guide.  
Fortify ScanCentral DAST Configuration Tool CLI  
This topic describes the software and hardware requirements for the machine on which the  
configuration tool CLI runs to configure settings for the Fortify ScanCentral DAST components.  
Micro Focus Fortify Software (23.1.0)  
Page 10 of 64  
 
 
 
 
System Requirements  
Software Requirements  
The Fortify ScanCentral DAST Configuration Tool CLI runs on and works with the software packages  
listed in the following table.  
Package  
Versions  
Windows  
Windows 10  
Windows Server 2019  
.NET SDK Core Runtime 6.0  
.NET Platform  
Red Hat Enterprise Linux (RHEL) 8.x x86_64  
Hardware Requirements  
Fortify recommends that you use the Fortify ScanCentral DAST Configuration Tool CLI on a system  
that conforms to the supported components listed in the following table.  
Component  
Requirement  
2+ GB  
Notes  
RAM  
Recommended  
Minimum  
1 GB  
Fortify ScanCentral DAST Database Requirements  
Fortify ScanCentral DAST supports the databases listed in the following table.  
Package  
Versions  
Notes  
SQL Server  
SQL Server  
2019  
Recommended  
(English-  
No scan database limit  
language  
version only)  
SQL Server  
2017  
Azure SQL  
Server  
Using Azure SQL Server outside the Azure infrastructure may  
cause poor performance for Fortify ScanCentral DAST. Fortify  
recommends using Azure SQL Server with Fortify ScanCentral  
DAST inside the Azure infrastructure only.  
Micro Focus Fortify Software (23.1.0)  
Page 11 of 64  
 
 
 
System Requirements  
Package  
Versions  
Notes  
Amazon RDS  
for SQL  
Server  
PostgreSQL  
PostgreSQL  
14.5  
Azure  
PostgreSQL  
Amazon RDS  
for  
PostgreSQL  
Database Recommendations  
Fortify recommends that you configure the database server on a separate machine from either Micro  
Focus Fortify Software Security Center or any other Fortify ScanCentral DAST components.  
The Fortify ScanCentral DAST SQL database requires case-insensitive collation.  
Important! This is opposite the requirement for Fortify Software Security Center databases as  
described in "Fortify Software Security Center Database" on page 22.  
Important Recommendation About Disk I/O  
Disk I/O encompasses the input/output operations on a physical disk. If you are reading data from a  
file, the processor must wait for the file to be read (the same applies to writing data to a file). Fortify  
ScanCentral DAST is a high I/O-intensive application, which affects performance. Make sure that your  
disk subsystem provides low read/write latency. Fortify recommends that you monitor disk I/O as the  
database grows.  
Fortify ScanCentral DAST Core Components VM  
This topic describes the hardware and software requirements to run the DAST API, DAST Global  
Service, and DAST Utility Service containers.  
Micro Focus Fortify Software (23.1.0)  
Page 12 of 64  
 
 
 
System Requirements  
Software Requirements  
The DAST API, DAST Global Service, and DAST Utility Service containers run on and work with the  
software packages listed in the following table.  
Software  
Versions  
Windows  
Windows Server 2019  
Red Hat Enterprise Linux (RHEL) 8.x x86_64  
Follow Docker recommendations for the Docker engine version to use for these versions of Windows  
and Red Hat images.  
Hardware Requirements  
Fortify recommends that you use the DAST API, DAST Global Service, and DAST Utility Service  
containers on a system that conforms to the supported components listed in the following table.  
Component  
RAM  
Requirement  
32 GB  
Processor  
8 Core  
Fortify ScanCentral DAST Sensor  
The following options are available for a Fortify ScanCentral DAST sensor:  
l
Use the Fortify WebInspect on Docker image in a container  
l
Use a classic Fortify WebInspect installation with the Fortify ScanCentral DAST sensor service  
Fortify WebInspect on Docker Option  
For system requirements for this option, see "WebInspect on Docker" on page 41.  
Classic Fortify WebInspect Installation Option  
For hardware and software requirements for this option, see "WebInspect Hardware Requirements" on  
page 39 and "WebInspect Software Requirements" on page 39. Additionally, if you plan to conduct  
Postman scans, see "Support for Postman" on page 40.  
Important! When running a Fortify ScanCentral DAST sensor outside of a container, such as a  
sensor service on the same machine as a classic Fortify WebInspect installation, you must install  
the .NET SDK Core Runtime 5.0.202.  
Micro Focus Fortify Software (23.1.0)  
Page 13 of 64  
 
 
 
 
 
System Requirements  
Fortify ScanCentral DAST Ports and Protocols  
This section describes the ports and protocols that the Fortify ScanCentral DAST components use to  
make required and optional connections.  
DAST API Required Connections  
The following table lists the ports and protocols that the DAST API container uses for required  
connections.  
Endpoint  
Port  
Protocol  
Notes  
Fortify Software 80  
Security Center  
HTTP  
If SSL is not configured, the port on the host running  
the container is forwarded to port 80 on the container.  
DAST Global  
Service  
Host port mapping is customizable to the container  
port.  
DAST Sensor  
Service  
Fortify Software 443  
Security Center  
HTTPS  
If SSL is configured, the port on the host running the  
container is forwarded to port 443 on the container.  
DAST Global  
Service  
Host port mapping is customizable to container port.  
DAST Sensor  
Service  
SQL Server,  
Azure SQL  
Server, or  
Amazon RDS for  
SQL Server  
1433  
TCP  
TCP  
This is the default SQL Server port.  
PostgreSQL,  
Azure  
5432  
This is the default PostgreSQL port.  
PostgreSQL, or  
Amazon RDS for  
PostgreSQL  
DAST Global Service Required Connections  
The DAST Global Service does not expose any ports.  
Micro Focus Fortify Software (23.1.0)  
Page 14 of 64  
 
 
 
System Requirements  
The following table lists the ports and protocols that the DAST Global Service container uses for  
required connections.  
Endpoint  
Port  
Protocol  
Notes  
SQL Server,  
Azure SQL  
1433  
TCP  
This is the default SQL Server port.  
Server, or  
Amazon RDS  
for SQL Server  
PostgreSQL,  
Azure  
5432  
TCP  
This is the default PostgreSQL port.  
PostgreSQL, or  
Amazon RDS  
for PostgreSQL  
DAST Sensor Required Connections  
The DAST sensor does not expose any ports.  
The DAST sensor communicates with the DAST API over the port that is exposed on the host running  
the DAST API container.  
DAST Utility Service Required Connections  
The following table lists the ports and protocols that the DAST Utility Service container uses for  
required connections.  
Endpoint  
Port  
Protocol  
Notes  
DAST API  
5000  
HTTP  
If SSL is not configured, the port on the host running  
the container is forwarded to port 5000 on the  
container.  
Host port mapping is customizable to the container  
port.  
DAST API  
5001  
1433  
HTTPS  
TCP  
If SSL is configured, the port on the host running the  
container is forwarded to port 5001 on the container.  
Host port mapping is customizable to container port.  
This is the default SQL Server port.  
SQL Server,  
Azure SQL  
Micro Focus Fortify Software (23.1.0)  
Page 15 of 64  
 
 
System Requirements  
Endpoint  
Port  
Protocol  
Notes  
Server, or  
Amazon RDS for  
SQL Server  
PostgreSQL,  
Azure  
5432  
TCP  
This is the default PostgreSQL port.  
PostgreSQL, or  
Amazon RDS for  
PostgreSQL  
Fortify ScanCentral DAST Browsers  
For Fortify ScanCentral DAST browser requirements, see "Browsers" on page 24 for Fortify Software  
Security Center.  
Standalone Web Macro Recorder Requirements  
Fortify ScanCentral DAST allows you to download and use a standalone version of the Web Macro  
Recorder tool. The Web Macro Recorder tool runs on and works with the software packages listed in  
the following table.  
Package  
Version  
Windows  
Windows 10  
Windows Server 2019  
Running as Administrator  
The standalone Web Macro Recorder tool requires administrative privileges for proper operation of all  
features. Refer to the Windows operating system documentation for instructions on changing the  
privilege level to run the Web Macro Recorder tool as an administrator.  
Software Integrations for Fortify ScanCentral DAST  
The following table lists products that you can integrate with Fortify ScanCentral DAST.  
Product  
Versions  
Micro Focus Fortify Software Security Center 23.1.0  
Kubernetes on Azure  
1.19 or later  
Micro Focus Fortify Software (23.1.0)  
Page 16 of 64  
 
 
 
System Requirements  
Fortify ScanCentral SAST Requirements  
Fortify ScanCentral SAST has three major components: a ScanCentral Controller, ScanCentral clients,  
and ScanCentral sensors.  
Fortify ScanCentral SAST Controller Requirements  
This section describes the hardware and platform requirements for the Fortify ScanCentral SAST  
Controller.  
Fortify ScanCentral SAST Controller Hardware Requirements  
Fortify recommends that you install the Fortify ScanCentral SAST Controller on a high-end 64-bit  
processor running at 2 GHz with at least 8 GB of RAM.  
To estimate the amount of disk space required on the machine that runs the Fortify ScanCentral  
SAST Controller, use one of the following equations:  
Intended Use Equation  
Remote scan  
only  
<num_jobs_per_day> x (<size_avg_MBS> + <size_avg_FPR> + <size_avg_SCA_  
log>) x <number_days_data_is_persisted>  
Remote  
translation  
and scan  
<num_jobs_per_day> x (<size_avg_archived_project_with_dependencies> + <size_  
avg_FPR> + <size_avg_SCA_log>) x <num_days_data_is_persisted>  
By default, data is persisted for seven days.  
Fortify ScanCentral SAST Controller Platforms and Architectures  
The Fortify ScanCentral SAST Controller supports the platforms and architectures listed in the  
following table.  
Operating  
System  
Versions  
Windows  
Server 2016  
Server 2019  
Server 2022  
Micro Focus Fortify Software (23.1.0)  
Page 17 of 64  
 
 
 
 
System Requirements  
Operating  
System  
Versions  
Linux  
Red Hat Enterprise Linux 7.x, 8  
SUSE Linux Enterprise Server 15  
Fortify ScanCentral SAST Controller Application Server  
The Micro Focus Fortify ScanCentral SAST Controller supports Apache Tomcat version 9.x running on  
JRE 11.  
Fortify ScanCentral SAST Client and Sensor Requirements  
This section describes the requirements for the Fortify ScanCentral SAST clients and sensors.  
Fortify ScanCentral SAST Client and Sensor Hardware Requirements  
Micro Focus Fortify ScanCentral SAST clients and sensors run on any machine that supports Micro  
Focus Fortify Static Code Analyzer. Fortify ScanCentral SAST clients and sensors are installed on  
build machines that run Micro Focus Fortify Static Code Analyzer. See "Fortify Static Code Analyzer  
Requirements" on page 26 for hardware, platform, and architecture requirements.  
Sensor Disk Space Requirements  
To estimate the amount of disk space required on the machine that runs a Fortify ScanCentral SAST  
sensor, use one of the following equations:  
Intended  
Use  
Equation  
Remote scan <num_of_scans> x (<size_avg_MBS> + <size_avg_FPR> + <size_avg_SCA_log>) x  
only  
<num_days_data_is_persisted>  
Remote  
translation  
and scan  
<num_jobs_per_day> x (<size_avg_archived_project_with_dependencies> + <size_  
avg_project_with_dependencies> + <size_avg_FPR> + <size_avg_SCA_log>) x  
<number_days_data_is_persisted>  
By default, data is persisted for seven days.  
Fortify ScanCentral SAST Client and Sensor Software Requirements  
Fortify ScanCentral SAST clients and sensors are installed on build machines that run Micro Focus  
Fortify Static Code Analyzer. See "Software Requirements" on page 26 for the software requirements.  
Fortify ScanCentral SAST standalone clients require Java 11.  
Micro Focus Fortify Software (23.1.0)  
Page 18 of 64  
 
 
 
 
 
System Requirements  
Fortify ScanCentral SAST Sensor Languages and Build Tools  
Micro Focus Fortify ScanCentral SAST supports offloading the translation phase of the analysis to  
ScanCentral SAST sensors for the languages and build tools described in this section.  
Languages  
Fortify ScanCentral SAST supports offloading translation to ScanCentral sensors for the following  
languages. See "Languages" on page 27 for specific supported versions.  
l
.NET applications in C# and Visual Basic (VB.NET) (.NET Core, .NET Standard, ASP.NET)  
Note:  
l
Packaging of .NET applications is supported only on Windows systems.  
l
Translation of .NET applications requires .NET Framework version 4.8 or later. Although  
23.1.0 sensors require .NET 4.8 to successfully translate .NET projects, they will still run  
scans on .NET 4.7.2, which can result in problems. Make sure that .NET 4.8 is installed.  
l
ABAP  
l
Apex  
l
Classic ASP  
l
ColdFusion  
l
Dockerfiles  
l
Go  
l
Java  
l
JavaScript  
l
Kotlin  
l
PHP  
l
PL/SQL  
l
Python  
l
Ruby  
l
T-SQL  
l
TypeScript  
l
Visual Basic 6.0  
Build Tools  
Fortify ScanCentral SAST supports the build tools listed in the following table.  
Build Tool  
Versions  
Gradle  
5.0–7.3  
Micro Focus Fortify Software (23.1.0)  
Page 19 of 64  
 
 
System Requirements  
Build Tool  
Maven  
Versions  
3.5.x, 3.6.x, 3.8.x, 3.9.x  
MSBuild  
14.0, 15.x, 16.x, 17.0, 17.1, 17.2  
Fortify Software Security Center Server  
Requirements  
This section describes the system requirements for the Fortify Software Security Center server.  
Hardware Requirements  
Fortify Software Security Center requires the hardware specifications listed in the following table.  
Minimum  
Required  
Minimum  
Recommended  
Component  
Java heap size  
Processor  
RAM  
Application server  
Database server  
4 GB  
24 GB  
Quad-core  
8 GB  
Eight-core  
64 GB  
Database Hardware Requirements  
Fortify recommends an eight-core processor with 64 GB of RAM for the Fortify Software Security  
Center database. Using less than this recommendation can impact Fortify Software Security Center  
performance.  
Use the following formula to estimate the size (in GB) of the Fortify Software Security Center  
database disk space:  
((<num_issues>*30 KB) + <size_of_artifacts>) ÷ 1,000,000  
where:  
l
<num_issues> represents the total number of issues in the system  
l
<size_of_artifacts> represents the total size in KB of all uploaded artifacts and analysis results  
Note: This formula produces only a rough estimate for database disk space allocation. Do not use  
it to estimate disk space requirements for long-term projects. Disk requirements for Fortify  
Software Security Center databases increases in proportion to the number of projects, scans, and  
issues in the system.  
Micro Focus Fortify Software (23.1.0)  
Page 20 of 64  
 
 
 
System Requirements  
Database Performance Metrics for Minimum and Recommended Hardware  
Requirements  
The following table shows performance metrics (number of issues discovered per hour) for Fortify  
Software Security Center configured with the minimum and the recommended hardware  
requirements.  
Issues per Hour  
Issues per Hour  
Database  
MySQL  
Minimum Configuration  
Recommended Configuration  
362,514  
231,392  
725,028  
2,589,385  
3,020,950  
3,625,140  
Oracle  
SQL Server  
Platforms and Architectures  
Fortify Software Security Center supports the platforms and architectures listed in the following table.  
Operating  
System  
Versions  
Windows  
Server 2016  
Server 2019  
Server 2022  
Linux  
Red Hat Enterprise Linux 7.x, 8  
SUSE Linux Enterprise Server 15  
Note: Although Fortify Software Security Center has not been tested on all Linux variants, most  
distributions are not known to have issues.  
Application Servers  
Fortify Software Security Center supports Apache Tomcat version 9.x for the following JDK versions:  
l
Oracle JDK 11  
l
Red Hat OpenJDK 11  
l
SUSE OpenJDK 11  
l
Zulu OpenJDK 11 from Azul  
Micro Focus Fortify Software (23.1.0)  
Page 21 of 64  
 
 
 
System Requirements  
Fortify only supports the deployment of a single Fortify Software Security Center instance.  
Furthermore, that instance must not be behind a load balancer.  
Fortify Software Security Center Database  
Fortify Software Security Center requires that all database schema collations are case-sensitive.  
Caution! Fortify Software Security Center does not support MySQL or Oracle in the cloud.  
Important! Disk I/O encompasses the input/output operations on a physical disk. If you are  
reading data from a file on a disk, the processor must wait for the file to be read (the same applies  
to writing data to a file). Fortify Software Security Center is a high I/O-intensive application, which  
affects performance. Make sure that your disk subsystem provides low read/write latency. Fortify  
recommends that you monitor disk I/O as the database grows.  
Fortify Software Security Center supports the databases listed in the following table.  
Collation /  
Database  
Versions  
Character Sets  
Driver  
MySQL  
8.0  
(Community  
Edition)  
latin1_general_cs  
and utf8_bin  
The driver is included in the Fortify Software  
Security Center WAR file.  
Oracle  
12c Release 2 AL32UTF8 for all  
The Oracle Database 21c JDBC driver is  
included in the Fortify Software Security  
Center WAR file.  
languages  
19c (18.3)  
WE8MSWIN1252  
for US English  
SQL  
Server  
2017  
2019  
SQL_Latin1_  
General_CP1_CS_  
AS  
The Microsoft JDBC Driver 9.2 for SQL  
Server is included in the Fortify Software  
Security Center WAR file.  
AWS SQL  
Server  
Azure SQL  
Server  
Note: Fortify does not support the direct conversion from one database server type to another,  
such as converting from MySQL to Oracle. To do this, you must use the Server API to move data  
from your current Fortify Software Security Center instance to a new Fortify Software Security  
Center instance that uses the database server type you want to use going forward. Professional  
Services can assist you with this process.  
Micro Focus Fortify Software (23.1.0)  
Page 22 of 64  
 
System Requirements  
Deploying Fortify Software Security Center to a Kubernetes  
Cluster (Optional Deployment Strategy)  
If you plan to deploy Fortify Software Security Center on a Kubernetes cluster, you must make sure  
that the following requirements are met.  
Kubernetes Cluster Requirements  
The following are the minimum requirements for the default installation.  
l
Kubernetes versions 1.23, 1.24, 1.25, 1.26  
l
Kubernetes Persistent Volumes with optional support for Pod Security Context fsGroup option  
(fsGroup support is required for using a non-default container user ID.)  
l
Kubernetes LoadBalancer Service Type (Recommended)  
l
28 GB of available RAM and 8 CPUs on a single Kubernetes node  
l
4 GiB of storage for persistent volume  
Locally-Installed Tools Required  
l
A kubectl command-line tool - Fortify recommends that you use the same kubectl command-line  
tool version as the Kubernetes cluster version (1.23, 1.24, 1.25, 1.26), or follow the Kubernetes  
version skew policy (see https://kubernetes.io/releases/version-skew-policy).  
l
Helm command-line tool, versions 3.9, 3.10, 3.11. To determine which Helm command-line tool  
version matches your Kubernetes cluster version, see the Helm Version Support Policy  
(https://helm.sh/docs/topics/version_skew).  
l
(Recommended) A Docker client and server installation (any version)  
Additional Requirements  
l
Kubeconfig file for the Kubernetes cluster  
l
Docker Hub account with access to Fortify Software Security Center images  
Note: If you need access to Fortify Docker Organization on Docker Hub, contact  
fortifydocker@microfocus.com with your first name, your last name, and your Docker account  
name. Fortify will then give you access to the Fortify Docker organization that contains the  
Fortify Software Security Center images.  
l
DNS name for the Fortify Software Security Center web application (address used to access the  
service)  
Micro Focus Fortify Software (23.1.0)  
Page 23 of 64  
 
 
 
 
System Requirements  
l
Java keystore for setting up HTTPS (For details, see the Fortify Software Security Center User  
Guide.) The keystore must contain a CA certificate and a server certificate for the Fortify Software  
Security Center DNS name with an associated private key.  
l
Keystore password  
l
Private key password  
l
An installed MySQL, Oracle, or SQL Server for the database server  
l
Database server host name  
l
Name of the Fortify Software Security Center database  
l
Username and password for an account that has permission to manage the Fortify Software  
Security Center schema and data  
l
Fortify Software Security Center license  
Browsers  
Fortify recommends that you use one of the browsers listed in the following table and a screen  
resolution of 1400 x 800.  
Browser  
Version  
Google Chrome  
Microsoft Edge  
Mozilla Firefox  
Safari  
90 or later  
90 or later  
91 or later  
14 or later  
Authentication Systems  
Fortify Software Security Center supports the following directory services:  
l
LDAP: LDAP 3 compatible  
Important! Although Fortify supports the use of multiple LDAP servers, it does not support  
the use of multiple LDAP servers behind a load balancer unless they are exact copies.  
l
Windows Active Directory Service  
Single Sign-On (SSO)  
Fortify Software Security Center supports:  
l
Central Authorization Server (CAS) SSO  
l
HTTP Headers SSO (Oracle SSO, CA SSO)  
Micro Focus Fortify Software (23.1.0)  
Page 24 of 64  
 
 
 
System Requirements  
l
SAML 2.0 SSO  
l
SPNEGO/Kerberos SSO  
l
X.509 SSO  
BIRT Reporting  
Fortify Software Security Center custom reports support BIRT Report Designer version 4.9.0.  
(Linux with OpenJDK only) Installing Required Fonts  
If your Fortify Software Security Center server is installed on a Linux system, and you are running  
OpenJDK, you must install the fontconfig library, DejaVu Sans fonts, and DejaVu serif fonts on the  
server to enable users to successfully generate reports. Otherwise, report generation will fail. If you  
need to, you can download these fonts from https://github.com/dejavu-fonts/dejavu-fonts.  
(Non-GUI Linux Operating System only) Installing Required Libraries  
If you are using a non-GUI Linux operating system, you must install the GTK and X Window System  
(X11) libraries to successfully generate reports.  
Service Integrations for Fortify Software Security Center  
Fortify Software Security Center supports the service integrations listed in the following table.  
Service  
Application  
Versions  
Bug tracking  
Application Lifecycle Management (ALM)/  
Quality Center Enterprise (QC)  
12.50  
Azure DevOps  
n/a  
Note: Only basic user password authentication is  
supported.  
Azure DevOps Server  
2019,  
2020  
Bugzilla  
5.0.x  
8.13  
Jira  
Jira Cloud  
n/a  
Dynamic assessments  
Fortify WebInspect Enterprise  
Fortify ScanCentral DAST  
23.1.x  
23.1.x  
Micro Focus Fortify Software (23.1.0)  
Page 25 of 64  
 
 
 
 
System Requirements  
Fortify Static Code Analyzer Requirements  
This section describes the system requirements for Fortify Static Code Analyzer.  
Hardware Requirements  
Fortify recommends that you install Micro Focus Fortify Static Code Analyzer on a high-end processor  
with the hardware requirements described in the following table.  
RAM  
Processor  
Programming Language to Analyze  
16 GB Quad-core  
32 GB Eight-core  
Non-dynamic languages  
Dynamic languages such as JavaScript, TypeScript, Python, PHP, and  
Ruby  
Increasing the number of processor cores and RAM both result in faster processing. If your software is  
complex, you might require more RAM or processors. See the information about improving  
performance in the Micro Focus Fortify Static Code Analyzer User Guide for recommendations.  
Software Requirements  
Micro Focus Fortify Static Code Analyzer requires Java 11. The Fortify Static Code Analyzer  
installation includes an embedded OpenJDK/JRE version 11.0.18.  
Operating  
Language  
Requirement  
System  
Visual Studio, MSBuild,  
or .NET projects  
.NET Framework 4.8 or later  
.NET 6.0  
Windows  
Windows  
Linux  
ABAP/BSP  
COBOL  
Fortify ABAP Extractor is supported on a system  
running SAP release 7.02, SP level 0006.  
Microsoft Visual C++ 2017 Redistributable (x86)  
Windows  
Note: This is not a requirement for Legacy COBOL  
analysis.  
Micro Focus Fortify Software (23.1.0)  
Page 26 of 64  
 
 
 
System Requirements  
Operating  
System  
Language  
Requirement  
Scala  
Scala Fortify compiler plugin available in the Maven  
Central Repository  
All  
Platforms and Architectures  
Fortify Static Code Analyzer supports the platforms and architectures listed in the following table.  
Operating System  
Platforms / Versions  
Windows  
Windows 10, 11  
Windows Server 2016, 2019, 2022  
Linux  
CentOS Linux 7.x (7.6 or later)  
Red Hat Enterprise Linux 7.x (7.2 or later), 8.x (8.2 or later), 9.x  
SUSE Linux Enterprise Server 15  
Ubuntu 20.04.1 LTS, 22.04.1 LTS  
macOS  
AIX  
12, 13  
7.1  
Important! You must have the IBM XL C/C++ for AIX 16.1 Runtime  
environment package installed.  
Solaris SPARC  
Solaris x64  
11.3  
11.4  
Languages  
Micro Focus Fortify Static Code Analyzer supports the programming languages listed in the following  
table.  
Language /  
Framework  
Versions  
.NET  
5.0, 6.0, 7  
Micro Focus Fortify Software (23.1.0)  
Page 27 of 64  
 
 
System Requirements  
Language /  
Framework  
Versions  
.NET Core  
.NET Framework  
ABAP/BSP  
ActionScript  
Apex  
2.0–3.1  
2.0–4.8  
6
3.0  
55, 56, 57  
C#  
5, 6, 7, 8, 9, 10, 11  
C/C++  
C11, C++11, C++14, C++17, C++20 (see "Compilers" on page 34)  
2.0, 3.0  
Classic ASP  
(with VBScript)  
COBOL  
IBM Enterprise COBOL for z/OS 6.1 (or earlier), 6.2, and 6.3 with CICS, IMS,  
DB2, and IBM MQ  
Visual COBOL 6.0, 7.0, 8.0  
8, 9, 10  
ColdFusion  
Dart  
2.12–2.18  
Docker (Dockerfiles) any  
Flutter  
Go  
2.0–3.3  
1.12–1.19  
Note: Fortify Static Code Analyzer supports analyzing Go code on  
Windows and Linux.  
HCL  
2.0  
Note: HCL language support is specific to Terraform and supported  
cloud provider Infrastructure as Code (IaC) configurations.  
HTML  
Java  
5 or earlier  
7, 8, 9, 10, 11, 12, 13, 14, 17  
Micro Focus Fortify Software (23.1.0)  
Page 28 of 64  
System Requirements  
Language /  
Framework  
Versions  
(including Android)  
JavaScript  
JSON  
ECMAScript 2015–2022  
ECMA-404  
JSP  
1.2, 2.1  
Kotlin  
1.3, 1.4, 1.5, 1.6, 1.7  
MXML (Flex)  
Objective-C/C++  
PHP  
4
2.0 (see "Compilers" on page 34)  
7.3, 7.4, 8.0, 8.1, 8.2  
PL/SQL  
Python  
8.1.6  
2.6, 2.7, 3.0–3.11  
Ruby  
1.9.3  
Scala  
2.11, 2.12, 2.13  
Swift  
5 (see "Compilers" on page 34 for supported swiftc versions)  
T-SQL  
SQL Server 2005, 2008, 2012  
2.8, 3.x, 4.x  
TypeScript  
VBScript  
2.0, 5.0  
Visual Basic  
(VB.NET)  
11, 14, 15.x, 16.0  
Visual Basic  
XML  
6.0  
1.0  
1.2  
YAML  
Libraries, Frameworks, and Technologies  
Micro Focus Fortify Static Code Analyzer supports the libraries, frameworks, and technologies listed in  
this section with dedicated Fortify Secure Coding Rulepacks and vulnerability coverage beyond core  
Micro Focus Fortify Software (23.1.0)  
Page 29 of 64  
 
System Requirements  
supported languages.  
Java  
Adobe Flex Blaze DS  
Ajanta  
Apache Spring  
Hibernate  
iBatis  
MongoDB  
Spring, Spring MVC  
Spring Boot  
Security (Acegi)  
Apache Struts  
Apache Tapestry  
Apache Tomcat  
Apache Torque  
Apache Util  
Mozilla Rhino  
MyBatis  
Amazon Web Services  
(AWS) SDK  
IBM MQ  
Spring Data Commons  
Spring Data JPA  
Spring Data MongoDB  
Spring Data Redis  
Spring HATEOAS  
Spring JMS  
IBM WebSphere  
Jackson  
Netscape LDAP API  
OpenCSV  
Apache Axiom  
Apache Axis  
Apache Beam  
Jakarta Activation  
Jakarta EE (Java EE)  
Java Annotations  
Java Excel API  
JavaMail  
Oracle Application  
Development  
Framework (ADF)  
Apache Beehive NetUI Apache Velocity  
Oracle BC4J  
Apache Catalina  
Apache Cocoon  
Apache Commons  
Apache ECS  
Apache Wicket  
Apache Xalan  
Apache Xerces  
ATG Dynamo  
Azure SDK  
Spring JMX  
Oracle JDBC  
Spring Messaging  
Spring Security  
Spring Webflow  
Spring WebSockets  
Spring WS  
Oracle OA Framework  
Oracle tcDataSet  
JAX-RS  
JAXB  
Oracle XML Developer  
Kit (XDK)  
Apache Hadoop  
Jaxen  
Apache  
HttpComponents  
Castor  
JBoss  
OWASP Enterprise  
Security API (ESAPI)  
Display Tag  
Dom4j  
JDesktop  
JDOM  
Stripes  
Apache Jasper  
Apache Log4j  
Apache Lucene  
Apache MyFaces  
Apache OGNL  
Apache ORO  
Apache POI  
OWASP HTML  
Sanitizer  
Sun JavaServer Faces  
(JSF)  
GDS AntiXSS  
Google Android  
Google Cloud  
Google Dataflow  
Google Guava  
Google Web Toolkit  
gRPC  
Jetty  
OWASP Java Encoder  
Plexus Archiver  
Realm  
Tungsten  
JGroups  
Weblogic  
json-simple  
JTidy Servlet  
JXTA  
WebSocket  
XStream  
Restlet  
SAP Web Dynpro  
Saxon  
YamlBeans  
ZeroTurnaround ZIP  
Zip4J  
JYaml  
Apache SLF4J  
Apache Slide  
Liferay Portal  
SnakeYAML  
Gson  
Kotlin  
Kotlin support includes all libraries covered for Java and the following Kotlin libraries.  
Kotlin standard library  
Scala  
Scala support includes all libraries covered for Java and the following Scala libraries.  
Akka HTTP  
Scala Play  
Scala Slick  
Micro Focus Fortify Software (23.1.0)  
Page 30 of 64  
System Requirements  
.NET  
.NET Framework, .NET ASP.NET Web API  
Core, and .NET  
Azure SDK  
Standard  
Hot Chocolate  
MongoDB  
SharePoint Services  
SharpCompress  
SharpZipLib  
IBM Informix .NET  
Provider  
MySQL  
Connector/NET  
Castle ActiveRecord  
.NET WebSockets  
Json.NET Log4Net  
NHibernate  
NLog  
CsvHelper  
SQLite .NET Provider  
SubSonic  
ADO.NET Entity  
Microsoft  
ApplicationBlocks  
Dapper  
Framework  
Npgsql  
DB2 .NET Provider  
DotNetZip  
Sybase ASE ADO.NET  
Data Provider  
ADODB  
Microsoft My  
Framework  
Open XML SDK  
Amazon Web Services  
(AWS) SDK  
Oracle Data Provider  
for .NET  
Xamarin  
Entity Framework Core  
fastJSON  
Microsoft Practices  
Enterprise Library  
Xamarin Forms  
YamlDotNet  
ASP.NET MVC  
OWASP AntiSamy  
Saxon  
ASP.NET SignalR  
Microsoft Web  
Protection Library  
C
ActiveDirectory LDAP CURL Library  
Apple System Logging GLib  
MySQL  
OpenSSL  
Sun RPC  
WinAPI  
Netscape LDAP  
ODBC  
POSIX Threads  
SQLite  
(ASL)  
JNI  
C++  
Boost Smart Pointers  
MFC  
STL  
WMI  
SQL  
Oracle ModPLSQL  
PHP  
ADOdb  
PHP Debug  
PHP DOM  
PHP Mcrypt  
PHP Mhash  
PHP Mysql  
PHP OCI8  
PHP OpenSSL  
PHP Smarty  
PHP XML  
Advanced PHP  
Debugging  
PHP PostgreSQL  
PHP Reflection  
PHP SimpleXML  
PHP Extension  
PHP Hash  
PHP XMLReader  
PHP Zend  
CakePHP  
Micro Focus Fortify Software (23.1.0)  
Page 31 of 64  
System Requirements  
JavaScript/TypeScript/HTML5  
Angular  
Helmet  
Node.js Azure Storage React Native Async  
Storage  
Underscore.js  
Vue  
Apollo Server  
Express JS  
GraphQL.js  
Handlebars  
iOS JavaScript Bridge Node.js Core  
React Router  
SAPUI5/OpenUI5  
Sequelize  
jQuery  
React  
JS-YAML  
Mustache  
React Native  
Python  
aiopg  
Google Cloud  
lxml  
pycrypto  
pycurl  
simplejson  
six  
Amazon Web Services Graphene  
(AWS) Lambda  
memcache-client  
_mysql  
gRPC  
pylibmc  
PyMongo  
PyYAML  
requests  
Twisted Mail  
urllib3  
Azure Functions  
httplib2  
Django  
MySQLdb  
oslo.config  
psycopg2  
Jinja2  
WebKit  
Flask  
libxml2  
Ruby  
MySQL  
pg  
Rack  
Thor  
SQLite  
Objective-C  
AFNetworking  
Apple CoreFoundation Apple  
Apple  
SBJson  
LocalAuthentication  
WatchConnectivity  
Apple AddressBook  
Apple AppKit  
Apple CoreLocation  
Apple CoreServices  
Apple CoreTelephony  
Apple Foundation  
SFHFKeychainUtils  
SSZipArchive  
ZipArchive  
ZipUtilities  
ZipZap  
Apple MessageUI  
Apple Security  
Apple Social  
Apple WatchKit  
Apple WebKit  
Hpple  
Apple CFNetwork  
Apple ClockKit  
Apple UIKit  
Objective-Zip  
Realm  
Apple CommonCrypto Apple HealthKit  
Apple CoreData  
Swift  
Alamofire  
Apple CoreFoundation Apple MessageUI  
Apple WatchKit  
Apple WebKit  
Hpple  
Zip  
Apple AddressBook  
Apple CFNetwork  
Apple ClockKit  
Apple CoreLocation  
Apple Foundation  
Apple HealthKit  
Apple Security  
Apple Social  
Apple SwiftUI  
Apple UIKit  
ZipArchive  
ZIPFoundation  
ZipUtilities  
ZipZap  
Realm  
Apple CommonCrypto Apple  
SQLite  
LocalAuthentication  
Apple CoreData  
Apple  
SSZipArchive  
WatchConnectivity  
Micro Focus Fortify Software (23.1.0)  
Page 32 of 64  
System Requirements  
COBOL  
Auditor  
CICS  
Micro Focus  
COBOL Run-time  
System  
POSIX  
SQL  
DLI  
MQ  
Go  
GORM  
logrus  
gRPC  
Configuration  
.NET Configuration  
Docker Configuration Java Apache Struts  
Java OWASP  
AntiSamy  
OpenAPI Specification  
(Dockerfiles)  
Adobe Flex  
(ActionScript)  
Configuration  
Java Apache Tomcat  
Oracle Application  
Development  
Framework (ADF)  
GitHub Actions  
Configuration  
Java Spring and  
Spring MVC  
Google Android  
Configuration  
Java Blaze DS  
Ajax Frameworks  
Java Spring Boot  
Java Spring Mail  
Java Spring Security  
Java Spring  
PHP Configuration  
PHP WordPress  
Java Hibernate  
Configuration  
Amazon Web Service  
(AWS)  
iOS Property List  
J2EE Configuration  
Java Apache Axis  
Java iBatis  
Configuration  
Silverlight  
Configuration  
Ansible  
AWS CloudFormation  
Java IBM WebSphere WebSockets  
Terraform (AWS,  
Azure, GCP)  
Java Apache Log4j  
Configuration  
Azure Resource  
Manager (ARM)  
Java MyBatis  
Configuration  
Java Weblogic  
Kubernetes  
Mule  
WS-SecurityPolicy  
XML Schema  
Java Apache Spring  
Security (Acegi)  
Build Management  
Secrets  
1Password  
Amazon  
Irssi  
NuGet  
Secure Shell Protocol (SSH)  
KeyStore  
KeePass  
OpenVPN  
SendGrid  
Slack  
Artifactory  
Bash Scripts  
BitLocker  
Bcrypt  
Password Safe  
Keychain  
KWallet  
PayPal/Braintree  
Postman  
SonarQube  
SQL  
LinkedIn  
Pretty Good Privacy (PGP)  
PostgreSQL  
Square  
Code Climate  
Facebook  
GitHub  
Mailchimp  
Mailgun  
StackHawk  
Stripe  
PuTTY  
Microsoft Outlook webhook  
Mutt  
PyPI  
Terraform  
Twilio  
Gnome Keyring  
Remote Desktop Protocol  
Micro Focus Fortify Software (23.1.0)  
Page 33 of 64  
System Requirements  
Google  
Heroku  
HexChat  
MySQL  
netrc  
npm  
(RDP)  
Twitter  
Ruby/Ruby on Rails  
Sauce Labs  
Build Tools  
Fortify Static Code Analyzer supports the build tools listed in the following table.  
Build Tool  
Ant  
Versions  
Notes  
1.10.x or earlier  
5.0–7.4.x, 8.0.x  
Gradle  
The Fortify Static Code Analyzer Gradle build  
integration supports the following  
language/platform combinations:  
l
Java/Windows, Linux, and macOS  
l
Kotlin/Windows and Linux  
l
C/Linux  
l
C++/Linux  
Maven  
3.0.5, 3.5.x, 3.6.x, 3.8.x, 3.9.x  
14.0, 15.x, 16.x, 17.0–17.5  
MSBuild  
The MSBuild integration is supported on Windows  
and Linux.  
Xcodebuild  
13.2, 13.2.1, 13.3, 13.3.1,  
13.4, 13.4.1, 14, 14.0.1, 14.1,  
14.2, 14.3  
Compilers  
Fortify Static Code Analyzer supports the compilers listed in the following table.  
Compiler  
Versions  
Operating Systems  
gcc  
GNU gcc 6.x–10.4, 11  
GNU gcc 4.9, 5.x  
GNU g++ 6.x–10.4, 11  
GNU g++ 4.9, 5.x  
Windows, Linux, macOS  
Windows, Linux, macOS, AIX, Solaris  
Windows, Linux, macOS  
g++  
Windows, Linux, macOS, AIX, Solaris  
Micro Focus Fortify Software (23.1.0)  
Page 34 of 64  
 
 
System Requirements  
Compiler  
Versions  
Operating Systems  
Windows, Linux, macOS, AIX, Solaris  
Windows, Linux, macOS  
Windows  
OpenJDK javac  
Oracle javac  
cl (MSVC)  
Clang  
9, 10, 11, 12, 13, 14, 17  
7, 8, 9  
2015, 2017, 2019, 2022  
1
2
2
13.0.0 , 13.1.6, 14.0.0, 14.0.3  
macOS  
Note:  
Swiftc  
5.5.2, 5.6, 5.6.1, 5.7, 5.7.1, 5.8  
macOS  
1
2
Clang 13.0.0 is only supported when used with Xcode 13.2 and 13.2.1 as part of an Xcode project.  
Fortify Static Code Analyzer supports applications built in the following Xcode versions: 13.2, 13.2.1,  
13.3, 13.3.1, 13.4, 13.4.1, 14, 14.0.1, 14.1, 14.2, 14.3.  
Fortify Software Security Content  
Fortify Secure Coding Rulepacks are backward compatible with all supported Fortify Software  
versions. This ensures that Rulepack updates do not break any working Fortify Software installation.  
Fortify Static Code Analyzer Applications and Tools  
Requirements  
This section describes the system requirements for Fortify Static Code Analyzer applications and  
tools.  
Hardware Requirements  
Fortify Static Code Analyzer applications and tools require a system with at least 8 GB of RAM. In  
addition, Fortify Static Code Analyzer applications used to perform code analysis have the same  
hardware requirements as Fortify Static Code Analyzer (see "Hardware Requirements" on page 26).  
Software Requirements  
Fortify Static Code Analyzer applications and tools require Java 11. The Fortify Applications and  
Tools installation includes an embedded OpenJDK/JRE version 11.0.18.  
To run Fortify Audit Workbench, Fortify Custom Rules Editor, or Fortify Scan Wizard remotely from a  
local server, you must use a remote desktop connection such as Virtual Network Computing (VNC) or  
Micro Focus Fortify Software (23.1.0)  
Page 35 of 64  
 
 
 
 
System Requirements  
Windows Remote Desktop Connection. Do not use X Window System (X11) forwarding to access  
these Fortify Static Code Analyzer applications from a remote server.  
Platforms and Architectures  
Fortify Static Code Analyzer applications and tools support the platforms and architectures listed in  
the following table.  
Operating System  
Windows  
Platforms / Versions  
10, 11  
Linux  
Red Hat Enterprise Linux 7.x, 8  
SUSE Linux Enterprise Server 15  
Important! Fortify Audit Workbench, Fortify Custom Rules Editor, and  
Fortify Scan Wizard require GTK version 3.22 or later. Some platform  
versions include this requirement such as Red Hat Enterprise Linux 7.4  
and later.  
macOS  
11, 12, 13  
Service Integrations for Fortify Applications and Tools  
The following table lists the supported service integrations for Fortify Audit Workbench and the  
Fortify Secure Code Plugins.  
Service  
Versions  
Supported Application  
Application Lifecycle Management (ALM)/  
Quality Center  
12.50  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Azure DevOps Server  
2019,  
2020  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Fortify Extension for Visual  
Studio  
Azure DevOps  
n/a  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Note: Only basic user password authentication is  
supported.  
Micro Focus Fortify Software (23.1.0)  
Page 36 of 64  
 
 
System Requirements  
Service  
Versions  
Supported Application  
Bugzilla  
5.0.x  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Fortify Extension for Visual  
Studio  
Jira  
8.13  
n/a  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Jira Cloud  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Fortify Software Security Center Bug Tracker  
23.1.0  
Fortify Audit Workbench  
Fortify Plugin for Eclipse  
Fortify Extension for Visual  
Studio  
Secure Code Plugins  
The following table lists the supported integrated development environments (IDE) for the Fortify  
Secure Code Plugins.  
Secure Code Plugin IDE  
Versions  
Notes  
Fortify Plugin for  
Eclipse  
Eclipse  
2020-x  
2021-x,  
2022-x  
2023-03  
Fortify Analysis  
Plugin for IntelliJ  
IDEA and Android  
Studio  
IntelliJ  
IDEA  
2020.x  
2021.x  
2022.x  
2023.1  
Android  
Studio  
2020.x  
2021.x  
2022.1  
Micro Focus Fortify Software (23.1.0)  
Page 37 of 64  
 
System Requirements  
Secure Code Plugin IDE  
Versions  
Notes  
Fortify Extension for Visual  
2017  
2019  
2022  
Visual Studio Community, Professional, and  
Enterprise editions for Windows are supported.  
For supported MSBuild versions, see "Build  
Tools" on page 34.  
Visual Studio  
Studio  
Single Sign-On (SSO)  
Fortify Audit Workbench, the Fortify Plugin for Eclipse, and the Fortify Extension for Visual Studio  
support the following SSO methods to connect with Fortify Software Security Center:  
l
SPNEGO/Kerberos SSO  
Supported on Windows only.  
l
X.509 SSO  
Note: Fortify Audit Workbench and the Secure Code Plugins can use token-based authentication  
with Fortify Software Security Center, which removes the requirement to configure SSO directly.  
BIRT Reports  
To generate BIRT reports on a Linux system from the Secure Code Plugins or the  
BIRTReportGenerator utility, you must install fontconfig, DejaVu Sans fonts, and DejaVu serif fonts on  
the server.  
To run the BIRTReportGenerator utility in a Linux Docker container, you must have the X Window  
System (X11) libraries installed in the image. The X11 libraries provide the graphical user interface  
API that BIRT requires for data visualization.  
Red Hat Enterprise and CentOS Example:  
yum -y install xorg-x11-xauth xorg-x11-fonts-* xorg-x11-utils  
Ubuntu Example:  
apt-get install x11-apps  
Fortify WebInspect Requirements  
Before you install Micro Focus Fortify WebInspect, make sure that your system meets the  
requirements described in this section. Fortify does not support beta or pre-release versions of  
operating systems, service packs, or required third-party components.  
Micro Focus Fortify Software (23.1.0)  
Page 38 of 64  
 
 
 
System Requirements  
WebInspect Hardware Requirements  
Fortify recommends that you install Micro Focus Fortify WebInspect on a system that conforms to the  
supported components listed in the following table.  
Component  
Requirement  
Notes  
Processor  
2.5 GHz quad-  
core or faster  
Complex applications might benefit from additional cores.  
RAM  
16 GB  
Complex applications might benefit from additional memory.  
Fortify recommends 32 GB of memory to scan with single-  
page application (SPA) support.  
Hard disk  
Display  
40 GB  
Using SQL Express and storing scans locally requires  
additional disk space per scan.  
1280 x 1024  
WebInspect Software Requirements  
Micro Focus Fortify WebInspect runs on and works with the software packages listed in the following  
table.  
Package  
Versions  
Notes  
Windows  
Windows 10  
Recommended  
Important! Not all builds of Windows 10  
support .NET Framework 4.8. Refer to  
Microsoft’s website to identify Windows 10  
builds that support .NET Framework 4.8.  
Windows 11  
This version is required for conducting scans of  
gRPC APIs.  
Windows Server 2019  
Windows Server 2022  
.NET Framework 4.8  
.NET Platform  
Micro Focus Fortify Software (23.1.0)  
Page 39 of 64  
 
 
System Requirements  
Package  
Versions  
Notes  
SQL Server  
SQL Server 2019  
Recommended  
(English-language  
versions only)  
No scan database limit  
SQL Server 2022  
Azure SQL Server  
No scan database limit  
Using Azure SQL Server outside the Azure  
infrastructure may cause poor performance for  
Fortify WebInspect. Fortify recommends using  
Azure SQL Server with Fortify WebInspect  
inside the Azure infrastructure only.  
SQL Server Express  
SQL Server 2019  
Express  
Recommended  
(English-language  
versions only)  
10 GB scan database limit  
SQL Server 2022  
Express  
10 GB scan database limit  
10 GB scan database limit  
10 GB scan database limit  
SQL Server 2017  
Express  
SQL Server 2016  
Express SP2  
Portable Document  
Format  
Adobe Acrobat Reader Recommended  
11  
Adobe Acrobat Reader Minimum  
8.1.2  
Support for Postman  
A Postman collection version 2.0 or 2.1 is required to conduct scans in Fortify WebInspect.  
Additionally, you must install the following third-party software on the machine where Fortify  
WebInspect is installed:  
l
Newman command-line collection runner 4.5.1 or later  
Important! You must install Newman globally rather than locally. You can do this by adding a  
-goption to the installation command, as follows:  
npm install -g newman  
Micro Focus Fortify Software (23.1.0)  
Page 40 of 64  
 
System Requirements  
When you install Newman, a path variable for Newman is automatically added to the user  
variables. The path variable is similar to the following:  
<directory_path>\AppData\Roaming\npm  
You must manually add the same Newman path variable to the system environment variables.  
Ensure that the variable is in both the user variables and system environment variables before  
proceeding.  
System variables are read only when the machine boots, so after manually adding the path  
variable, you must restart your machine. See your Windows documentation for specific  
instructions on how to add a system environment variable.  
l
Node.js and the included Node Package Manager (NPM)  
Note: Install the Node.js version that is required for the version of Newman that you install. For  
more information, see https://www.npmjs.com/package/newman.  
Notes on SQL Server Editions  
When using the Express edition of SQL Server:  
l
Scan data must not exceed the database size limit. If you require a larger database or you need to  
share your scan data, use the full version of SQL Server.  
l
During the installation you might want to enable “Hide advanced installation options.” Accept all  
default settings. Micro Focus Fortify WebInspect requires that the default instance is named  
SQLEXPRESS.  
When using the full edition of SQL Server:  
l
You can install the full version of SQL Server on the local host or nearby (co-located). You can  
configure this option in Fortify WebInspect Application Settings (Edit > Application Settings >  
Database).  
l
The account specified for the database connection must also be a database owner (DBO) for the  
named database. However, the account does not require sysadmin (SA) privileges for the database  
server. If the database administrator (DBA) did not generate the database for the specified user,  
then the account must also have the permission to create a database and to manipulate the  
security permissions. The DBA can rescind these permissions after Fortify WebInspect sets up the  
database, but the account must remain a DBO for that database.  
WebInspect on Docker  
Fortify WebInspect on Docker has the software requirements listed in the following table.  
Package  
Versions  
Notes  
Windows  
Windows Server The Windows version supports the process  
2019 isolation runtime mode.  
Micro Focus Fortify Software (23.1.0)  
Page 41 of 64  
 
 
System Requirements  
Package  
Versions  
Notes  
Red Hat Universal Base  
Image (UBI)  
8.x x86_64  
The Linux version supports conducting scans of  
gRPC APIs.  
Follow Docker recommendations for the Docker engine version to use for these versions of Windows  
and Red Hat images.  
Notes on Image Databases  
SQL Server Express is the default database for the Fortify WebInspect images. There is a 10 GB scan  
database limit.  
Hardware Requirements  
Fortify recommends that you install Micro Focus Fortify WebInspect on Docker on a host that  
conforms to the supported components listed in the following table and configure the container to  
use these resources. Fortify does not support beta or pre-release versions of operating systems,  
service packs, and required third-party components.  
Component  
Requirement  
Notes  
Processor  
2.5 GHz quad-  
core or faster  
Complex applications might benefit from additional cores.  
RAM  
16 GB  
Complex applications might benefit from additional memory.  
Fortify recommends 32 GB of memory to scan with single-  
page application (SPA) support.  
Hard disk  
40 GB  
Using SQL Express and storing scans locally requires  
additional disk space per scan.  
Fortify WebInspect Ports and Protocols  
This section describes the ports and protocols Micro Focus Fortify WebInspect uses to make required  
and optional connections.  
Required Connections  
The following table lists the ports and protocols Micro Focus Fortify WebInspect uses to make  
required connections.  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
Fortify  
Target host  
Scan target host  
Any  
HTTP  
Fortify WebInspect must  
Micro Focus Fortify Software (23.1.0)  
Page 42 of 64  
 
 
 
 
System Requirements  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
WebInspect  
to target host  
connect to the web application  
or web service to be scanned.  
Fortify  
WebInspect  
to SQL  
SQL Server Express,  
SQL Server  
Standard/Enterprise,  
or Azure SQL Server  
SQLEXPRESS service on 1433  
localhost or SQL TCP  
service locally installed  
or remote host  
SQL TCP  
Used to maintain the scan data  
and to generate reports within  
the Fortify WebInspect  
application.  
database  
Fortify  
Verisign CRL  
http://crl.verisign.com/  
pca3.crl  
80  
HTTP  
Offline installations of Fortify  
WebInspect or Fortify  
WebInspect  
to Certificate  
Revocation  
List (CRL)  
WebInspect Enterprise require  
you to manually download and  
apply the CRL from Verisign.  
Fortify WebInspect products  
prompt for these lists from  
Windows and their absence can  
cause problems with the  
or  
http://csc3-2004-  
crl.verisign.com/  
CSC3-2004.crl  
application. A one-time  
download is sufficient, however  
Fortify recommends that you  
download the CRL as part of  
regular maintenance.  
Optional Connections  
The following table lists the ports and protocols Micro Focus Fortify WebInspect uses to make  
optional connections.  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
Fortify  
Remote Fortify https://licenseservice.  
443  
HTTPS  
over SSL  
For one-time activation of a  
Fortify WebInspect Named User  
license. You may optionally use  
the following:  
WebInspect to Licensing  
Fortify License Service  
activation  
fortify.microfocus.com  
server  
l
An offline activation process  
instead of using this direct  
connection  
l
Upstream proxy with  
authentication instead of a  
direct connection  
Fortify  
Remote  
https://smartupdate.  
fortify.microfocus.com  
443  
HTTPS  
over SSL  
Used to automatically update  
the Fortify WebInspect product.  
SmartUpdate is automatic when  
opening the product UI, but can  
be disabled and run manually.  
Can optionally use upstream  
proxy with authentication  
WebInspect to SmartUpdate  
SmartUpdate  
server  
service  
instead of a direct connection.  
Micro Focus Fortify Software (23.1.0)  
Page 43 of 64  
 
System Requirements  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
Fortify  
Remote Fortify https://supportchannel.  
443  
HTTPS  
Used to retrieve product  
WebInspect to Support  
Fortify Support Channel  
Channel server service  
fortify.microfocus.com  
over SSL  
marketing messages and to  
upload Fortify WebInspect data  
or product suggestions to Micro  
Focus Fortify Customer Support.  
Message check is automatic  
when opening the product UI,  
but can be disabled and run  
manually. Can optionally use  
upstream proxy with  
authentication instead of a direct  
connection.  
Fortify  
Fortify  
Lease Concurrent User  
license  
443  
Web  
services  
over SSL  
Required for Fortify WebInspect  
client to lease and use a  
Concurrent User license  
WebInspect to WebInspect  
Fortify License LIM  
and  
maintained in a LIM license pool.  
You can detach the client license  
from LIM after activation to  
avoid a constant connection.  
(Local  
Infrastructure  
Licensing  
Manager (LIM)  
Service)  
Fortify  
WebInspect API API, or network webinspect/api  
listener IP address  
Local machine http://localhost:8083/  
8083 or  
user-  
specified  
HTTP  
Use to activate a Fortify  
WebInspect API Windows  
Service. This opens a listening  
port on your machine, which you  
can use locally or remotely to  
generate scans and retrieve the  
results programmatically. This  
API can be SSL enabled, and  
supports Basic or Windows  
authentication.  
Fortify  
Fortify  
User-specified Fortify  
WebInspect server  
443 or  
user-  
specified  
HTTP or  
HTTPS  
over SSL  
The Enterprise Server menu  
connects Fortify WebInspect as a  
client to the enterprise security  
solution to transfer findings and  
user role and permissions  
management.  
WebInspect to WebInspect  
Fortify  
WebInspect  
Enterprise  
Enterprise  
server  
Fortify  
WebInspect  
Fortify  
WebInspect  
User-specified Fortify  
WebInspect server  
443 or  
user-  
HTTP or  
HTTPS  
Separate from the Fortify  
WebInspect UI, you can  
sensor service Enterprise  
specified  
over SSL  
configure the local installation as  
a remote scan engine for use by  
the enterprise security solution  
community. This is done through  
a Windows Service. This  
to Fortify  
server  
WebInspect  
Enterprise  
constitutes a different product  
from Fortify WebInspect desktop  
and is recommended to be run  
on its own, non-user-focused  
Micro Focus Fortify Software (23.1.0)  
Page 44 of 64  
System Requirements  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
machine.  
Browser to  
Fortify  
WebInspect  
localhost  
Manual Step-Mode Scan Dynamic,  
HTTP or  
HTTPS  
over SSL  
Fortify WebInspect serves as a  
web proxy to the browser,  
enabling manual testing of the  
target web server through  
Fortify WebInspect.  
8081, or  
user-  
specified  
Fortify  
QC server  
User-specified ALM  
server  
Server-  
specified  
HTTP or  
HTTPS  
over SSL  
Permits submission of findings  
as defects to the ALM bug  
tracker.  
WebInspect to  
Quality Center  
Enterprise  
(ALM)  
Connections for Tools  
The following table lists the ports and protocols that the Micro Focus Fortify WebInspect tools use to  
make connections.  
Tool  
Direction  
Endpoint  
Port  
Protocol  
Notes  
Web Proxy  
To target host  
localhost  
8080 or  
user-  
HTTP or  
HTTPS  
Intercepts and displays web traffic  
specified  
over SSL  
Web Form  
Editor  
To target host  
To target host  
localhost  
localhost  
Dynamic,  
8100, or  
user-  
HTTP or  
HTTPS  
over SSL  
Intercepts web traffic and captures  
submitted forms  
specified  
Login or  
Workflow  
Macro  
Dynamic,  
8081, or  
user-  
HTTP or  
HTTPS  
over SSL  
Records browser sessions for replay  
during scan  
Recorders  
specified  
Web  
Fortify WebInspect Target host User-  
HTTP and Scanner for identifying rogue web  
Discovery  
machine to  
targeted IP range  
network  
range  
specified  
range  
HTTPS  
over SSL  
applications hosted among the targeted  
scanned IP and port ranges  
Use to provide targets to Fortify  
WebInspect (manually)  
Fortify WebInspect Agent  
For system requirements, see "Fortify WebInspect Agent Requirements" on the next page.  
Micro Focus Fortify Software (23.1.0)  
Page 45 of 64  
 
 
System Requirements  
WebInspect Software Development Kit (SDK)  
The WebInspect SDK requires the following software:  
l
Visual Studio 2019 (version 16.9.0)  
l
.NET Framework 4.8  
Important! Visual Studio Express versions do not support third-party extensions. Therefore,  
these versions do not meet the software requirements to use the WebInspect SDK.  
Software Integrations for Fortify WebInspect  
The following table lists products that you can integrate with Micro Focus Fortify WebInspect.  
Product  
Versions  
Micro Focus Fortify WebInspect Enterprise  
Application Lifecycle Management (ALM)  
22.2.0  
11.5, 12.01, 12.21,  
12.53  
Note: You must also install the ALM Connectivity tool to connect  
Fortify WebInspect to ALM.  
Micro Focus Fortify Software Security Center  
Micro Focus Unified Functional Testing  
23.1.0  
11.5  
Fortify WebInspect Agent Requirements  
Micro Focus Fortify WebInspect Agent technology is delivered for production application logging and  
protection.  
Platforms and Architectures  
Fortify WebInspect Agent supports 32-bit and 64-bit applications written in Java 5, 6, 7, 8, and 10.  
Micro Focus Fortify Software (23.1.0)  
Page 46 of 64  
 
 
 
System Requirements  
Java Runtime Environments  
Fortify WebInspect Agent supports the Java runtime environments listed in the following table.  
JRE  
Major Versions  
IBM J9  
5 (SR10 or later)  
6 (SR6 or later)  
Oracle HotSpot 5, 6, 7, 8  
Oracle JRockit 5, 6 (R27.6 or later)  
Note: The Java agent is supported on Windows, Linux, and Unix.  
Java Application Servers  
Fortify WebInspect Agent supports the Java application servers listed in the following table.  
Application Server  
Apache Tomcat  
IBM WebSphere  
Oracle WebLogic  
Versions  
6.0, 7.0, 8.0, 9.0  
7.0, 8.0, 8.5, 8.5.5  
10.0, 10.3, 11g, 11gR1, 12c  
Red Hat JBoss Enterprise Application Platform 7.3.0 or earlier  
Jetty  
9.3  
WildFly  
20.0.1 or earlier  
.NET Frameworks  
Fortify WebInspect Agent supports .NET Framework versions 2.0, 3.0, 3.5, 4.0, and 4.5–4.8.  
IIS for Windows Server  
Fortify WebInspect Agent supports Internet Information Services (IIS) versions 6.0, 7.0, 7.5, 8, 8.5, and  
10.0.  
Micro Focus Fortify Software (23.1.0)  
Page 47 of 64  
 
 
 
 
System Requirements  
Fortify WebInspect Enterprise Requirements  
Before you install Micro Focus Fortify WebInspect Enterprise, make sure that your systems meet the  
requirements described in this section. Fortify does not support beta or pre-release versions of  
operating systems, service packs, or required third-party components.  
Note: Product versions that are not specifically listed in this document are not supported.  
Important Information About This Release  
Micro Focus Fortify WebInspect Enterprise was not updated for the 23.1.0 release. However, Fortify  
WebInspect Enterprise 22.2.0 is compatible with Fortify Software Security Center 23.1.0 and the  
Fortify WebInspect 23.1.0 sensor.  
Integrations for Fortify WebInspect Enterprise  
You can integrate Micro Focus Fortify WebInspect Enterprise with the following components:  
l
Micro Focus Fortify WebInspect sensors 23.1.0  
l
Micro Focus Fortify WebInspect Agent 23.1.0  
Fortify WebInspect Enterprise Database  
Fortify recommends that you configure the database server on a separate machine from either Micro  
Focus Fortify Software Security Center or Micro Focus Fortify WebInspect Enterprise.  
The Fortify WebInspect Enterprise Server SQL database requires case-insensitive collation.  
Important! This is opposite the requirement for Fortify Software Security Center databases as  
described in "Fortify Software Security Center Database" on page 22.  
WebInspect Enterprise Hardware Requirements  
The following table lists the hardware requirements for the Micro Focus Fortify WebInspect  
Enterprise server.  
Component  
Processor  
RAM  
Requirement  
3.0 GHz quad-core  
16 GB  
Hard disk  
100+ GB  
Micro Focus Fortify Software (23.1.0)  
Page 48 of 64  
 
 
 
 
 
System Requirements  
Component  
Requirement  
1920 x 1080  
Display  
WebInspect Enterprise Software Requirements  
Micro Focus Fortify WebInspect Enterprise server runs on and works with the software packages  
listed in the following table.  
Package  
Versions  
Notes  
Windows  
Windows Server 2016 Recommended  
Windows Server 2019  
.NET Platform  
Web Server  
.NET Framework 4.8  
IIS 10  
Recommended  
IIS 7.5, 8.0, 8.5  
SQL Server 2019  
SQL Server  
Recommended  
(English-language  
versions only)  
No scan database limit  
SQL Server 2017  
No scan database limit  
SQL Server 2016 SP2 No scan database limit  
Administrative Console Requirements  
This section describes the hardware and software requirements for the Micro Focus Fortify  
WebInspect Enterprise Administrative Console.  
You do not need to install the Fortify WebInspect Enterprise Administrative Console on the same  
machine as the Web Console of the Fortify WebInspect Enterprise server. The two consoles have  
different system requirements. In addition, you can install multiple Administrative Consoles on  
different machines connected to the same Fortify WebInspect Enterprise server.  
Micro Focus Fortify Software (23.1.0)  
Page 49 of 64  
 
 
System Requirements  
Hardware Requirements  
The following table lists the hardware requirements for Fortify WebInspect Enterprise Administrative  
Console.  
Component  
Processor  
RAM  
Requirement  
Notes  
2.5 GHz dual-core Minimum  
4 GB  
Minimum  
Hard disk  
Display  
2 GB  
1980 x 1080  
1280 x 1024  
Recommended  
Minimum  
Software Requirements  
The Fortify WebInspect Enterprise Administrative Console runs on and works with the software  
packages listed in the following table.  
Package  
Versions  
Notes  
Windows  
Windows 10  
Recommended  
Windows 8.1  
Windows Server 2016  
Windows Server 2019  
.NET Framework 4.8  
.NET  
Fortify WebInspect Enterprise Ports and Protocols  
This section describes the ports and protocols Micro Focus Fortify WebInspect Enterprise uses to  
make required and optional connections.  
Micro Focus Fortify Software (23.1.0)  
Page 50 of 64  
 
 
 
System Requirements  
Required Connections  
The following table lists the ports and protocols Micro Focus Fortify WebInspect Enterprise uses to  
make required connections.  
URL or  
Direction  
Endpoint  
Details  
Port  
Protocol  
Notes  
Fortify WebInspect  
Enterprise Manager  
server to SQL  
SQL Server  
Standard/Enterprise  
SQL TCP  
service on  
locally  
1433 or  
user-  
specified  
SQL TCP  
Used to maintain the scan data  
and full Enterprise environment.  
Custom configurations of  
database  
installed or  
remote host  
SQL Server are permitted,  
including port changes and  
encrypted communication.  
Fortify WebInspect  
Enterprise Manager  
machine to Fortify  
Software Security  
Center server  
Fortify Software  
Security Center server specified  
User-  
8180 or  
user-  
specified  
HTTP or  
HTTPS  
over SSL  
As a modular add-on, Fortify  
WebInspect Enterprise requires  
a connection to its core Fortify  
Software Security Center  
server.  
Fortify  
Software  
Security  
Center server  
Note: This connection is  
required only if you  
integrate Fortify  
WebInspect Enterprise  
with Fortify Software  
Security Center.  
Sensor machines to  
Fortify WebInspect  
Enterprise Manager  
server  
Fortify WebInspect  
Enterprise server  
User-  
specified  
Fortify  
WebInspect  
Enterprise  
server  
443 or  
user-  
specified  
HTTPS  
over SSL  
Communication is two-way  
HTTP traffic, initiated in-bound  
by the Fortify WebInspect  
sensor machine.  
Browser users to  
Fortify WebInspect  
Enterprise server UI  
Fortify WebInspect  
Enterprise server  
User-  
specified  
Fortify  
WebInspect  
Enterprise  
server  
443 or  
user-  
specified  
HTTPS  
over SSL  
You can configure Fortify  
WebInspect Enterprise not to  
use SSL, but tests indicate that  
it might affect the product  
usability.  
Browser user to  
Fortify Software  
Security Center UI  
Fortify Software  
Security Center server specified  
User-  
8180 or  
user-  
specified  
HTTP or  
HTTPS  
over SSL  
You can configure the Fortify  
Software Security Center server  
on any available port during  
installation.  
Fortify  
Software  
Security  
Center server  
Micro Focus Fortify Software (23.1.0)  
Page 51 of 64  
 
System Requirements  
Optional Connections  
The following table lists the ports and protocols Micro Focus Fortify WebInspect Enterprise uses to  
make optional connections.  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
Fortify  
WebInspect  
desktop  
machines to  
Fortify  
Fortify  
User-specified Fortify  
WebInspect Enterprise user-  
server  
443 or  
HTTPS  
over SSL  
Communication is two-way HTTP  
traffic, initiated in-bound by the  
Fortify WebInspect desktop  
machine.  
WebInspect  
Enterprise  
server  
specified  
WebInspect  
Enterprise  
Manager  
server  
Fortify  
Fortify  
Licensing  
Service  
https://licenseservice.  
fortify.microfocus.com  
443  
HTTPS  
over SSL  
For one-time activation of the  
Fortify WebInspect Enterprise  
server license as well as periodic  
checks during an update. You may  
optionally use the following:  
WebInspect  
Enterprise  
Manager  
machine to  
Fortify License  
activation  
server  
l
An offline activation process  
instead of using this direct  
connection  
l
Upstream proxy with  
authentication instead of a  
direct Internet connection  
Important! If you use the  
offline activation process,  
then you must also use the  
offline SmartUpdate process.  
For more information, see the  
Micro Focus Fortify  
WebInspect Enterprise User  
Guide or the WebInspect  
Enterprise Administrative  
Console help.  
Micro Focus Fortify Software (23.1.0)  
Page 52 of 64  
 
System Requirements  
Direction  
Endpoint  
URL or Details  
Port  
Protocol  
Notes  
Fortify  
SmartUpdate  
https://smartupdate.  
fortify.microfocus.com  
443  
HTTPS  
over SSL  
Used to acquire product updates  
as well as all connected clients  
(Fortify WebInspect sensors and  
Fortify WebInspect desktop). The  
administrator manually runs  
WebInspect  
Enterprise  
Manager  
machine to  
SmartUpdate  
server  
SmartUpdate, however Fortify  
recommends that you set up an  
automated schedule. New client  
releases are held in reserve until  
the Fortify WebInspect Enterprise  
administrator marks them as  
Approved, at which time they are  
automatically distributed from the  
Fortify WebInspect Enterprise  
Manager server. Can support the  
use of an upstream proxy with  
authentication instead of a direct  
Internet connection.  
Important! Access to the  
SmartUpdate server also  
requires access to the  
licensing server. If you have  
restrictions on outgoing  
traffic, you must add both the  
SmartUpdate server and the  
licensing server to your allow  
list.  
Fortify  
User’s mail  
server  
Email alerts  
SNMP alerts  
25 or  
user-  
specified  
SMTP  
SNMP  
Used for SMTP alerts for  
WebInspect  
Enterprise  
Manager  
machine to  
mail server  
administration team. To enable  
mobile TXT alerts, you can use an  
SMTP-to-SMS gateway address.  
Fortify  
User’s SNMP  
Community  
162 or  
user-  
specified  
Used for SNMP alerts for  
administration team.  
WebInspect  
Enterprise  
Manager  
machine to  
SNMP  
Community  
Micro Focus Fortify Software (23.1.0)  
Page 53 of 64  
System Requirements  
Connections for Tools  
The following table lists the ports and protocols that the Micro Focus Fortify WebInspect Enterprise  
tools use to make connections.  
Tool  
Direction  
Endpoint  
Port  
Protocol  
Notes  
Web Proxy  
To target  
web  
localhost  
8080 or  
user-specified  
HTTP or  
HTTPS  
Intercepts and displays web traffic  
application  
over SSL  
Web Form  
Editor  
To target  
web  
application  
localhost  
localhost  
Dynamic, 8100, HTTP or  
Intercepts web traffic and captures  
submitted forms  
or  
HTTPS  
user-specified  
over SSL  
Login or  
Workflow Macro web  
To target  
Dynamic, 8081, HTTP or  
Records browser sessions for replay during  
scan  
or  
HTTPS  
Recorders  
application  
user-specified  
over SSL  
Web Discovery  
To targeted localhost  
IP range  
User-specified  
range  
HTTP and Scanner for identifying rogue web  
HTTPS  
applications hosted among the targeted  
scanned IP and port ranges  
over SSL  
Use to provide targets to Fortify  
WebInspect (manually)  
Fortify WebInspect Enterprise Sensor  
A Micro Focus Fortify WebInspect Enterprise sensor is a Micro Focus Fortify WebInspect sensor that  
runs scans on behalf of Fortify WebInspect Enterprise. See "Fortify WebInspect Requirements" on  
page 38 for more information.  
To run a scan from Fortify WebInspect Enterprise, you must have at least one instance of Fortify  
WebInspect connected and configured as a sensor.  
Fortify WebInspect Enterprise Notes and Limitations  
l
You can connect any instance of Micro Focus Fortify Software Security Center to only one instance  
of Micro Focus Fortify WebInspect Enterprise, and you can connect any instance of Fortify  
WebInspect Enterprise to only one instance of Fortify Software Security Center.  
l
For a Fortify WebInspect Enterprise environment to support Internet Protocol version 6 (IPv6), you  
must deploy the IPv6 protocol on each Fortify WebInspect Enterprise Administrative Console, each  
Fortify WebInspect Enterprise sensor, and the Fortify WebInspect Enterprise server.  
Micro Focus Fortify Software (23.1.0)  
Page 54 of 64  
 
 
 
System Requirements  
Fortify Project Results (FPR) File Compatibility  
Earlier versions of Micro Focus Fortify Software products cannot open and read FPR files generated  
by later versions of Fortify Software products. For example, Micro Focus Fortify Audit Workbench  
22.1.0 cannot read 23.1.0 FPR files. However, later versions of Fortify Software products can open  
and read FPR files generated by earlier versions of Fortify Software products. For example, Fortify  
Audit Workbench version 23.1.0 can open and read version 22.2.0 FPR files.  
The FPR file version is determined as follows:  
l
The FPR version is the same as the version of the analyzer that initially generated it. For example,  
an FPR generated by Fortify Software version 23.1.0 also has the version 23.1.0.  
l
The FPR version is the same as the version of the Fortify Software Security Center server or Fortify  
Applications and Tools used to change or audit the FPR.  
l
If you merge two FPRs, the resulting FPR has the version of the more recently generated FPR. For  
example, if you merge a version 22.2.0 FPR with a version 23.1.0 FPR, the resulting FPR has the  
version 23.1.0.  
You can only open 23.1.0 FPR files with Fortify Software Security Center or Fortify Static Code  
Analyzer applications and tools versions 23.1.0 or later.  
Caution Regarding Uploading FPR Files to Fortify Software Security Center  
Fortify Software Security Center keeps a project file that contains the latest scan results and audit  
information for each application. Fortify Audit Workbench and the Secure Code Plugins also use this  
project file for collaborative auditing.  
Each time you upload an FPR to Fortify Software Security Center, it is merged with the existing  
project file. If the FPR has a later version number than the existing project file, the existing project file  
version changes to match the FPR. For Fortify Audit Workbench and the Secure Code Plugins to work  
with the updated FPR, they must be at least the same version as the FPR. For example, Fortify Audit  
Workbench 22.2.0 cannot open and read a 23.1.0 FPR.  
Virtual Machine Support  
You can run Micro Focus Fortify Software products on an approved operating system in virtual  
machine environments. You must provide dedicated CPU and memory resources that meet the  
minimum hardware requirements. If you find issues that cannot be reproduced on the native  
environments with the recommended processing, memory, and disk resources, you must work with  
the provider of the virtual environment to resolve them.  
Note: If you run Fortify Software products in a VM environment, Fortify strongly recommends  
that you have CPU and memory resources fully committed to the VM to avoid performance  
degradation.  
Micro Focus Fortify Software (23.1.0)  
Page 55 of 64  
 
 
System Requirements  
Technologies no Longer Supported in this Release  
The following technologies are no longer supported in Fortify Software:  
l
Build Tools:  
l
xcodebuild 13, 13.1  
l
Compilers:  
l
Swiftc 5.5, 5.5.1  
l
Kubernetes Cluster Deployment (Fortify Software Security Center):  
l
Kubernetes 1.22  
l
Helm 3.8  
l
Operating Systems (Fortify Static Code Analyzer):  
l
macOS 11  
l
Platforms and Architectures (Fortify Static Code Analyzer applications and tools):  
l
SUSE Linux Enterprise Server 12  
Technologies to Lose Support in the Next Release  
The technologies listed in this topic are scheduled for deprecation in the next Micro Focus Fortify  
Software release.  
Note: A deprecated technology is no longer recommended for use. Typically, the deprecated item  
will be removed from the product in a future release. When a technology is deprecated, Fortify  
recommends that you remove it from your workflow at your earliest convenience.  
l
Fortify Static Code Analyzer support for all Swift, Xcode, and Objective-C/C++ versions follows the  
deprecation path Apple Inc. adopts.  
l
Integrated Development Environments (Fortify Secure Code Plugins):  
l
Eclipse 2020-x  
l
IntelliJ IDEA 2020.x  
l
Android Studio 2020.x  
l
Kubernetes Cluster Deployment (Fortify Software Security Center):  
l
Kubernetes 1.23–1.25  
l
Helm 3.9–3.10  
Micro Focus Fortify Software (23.1.0)  
Page 56 of 64  
 
 
System Requirements  
Acquiring Fortify Software  
Micro Focus Fortify Software is available as an electronic download. For instructions on how to  
download the software from the Micro Focus Software Licenses and Downloads (SLD) portal  
(https://sld.microfocus.com), click Contact Us / Self Help to review the videos and the Quick Start  
Guide.  
The following table lists the available packages and describes their contents.  
File Name  
Description  
Fortify_SCA_<version>_  
Windows.zip  
Fortify Static Code Analyzer package for Windows  
This package includes:  
l
Fortify Static Code Analyzer installer, which includes the following  
components:  
l
Fortify Static Code Analyzer  
l
Fortify ScanCentral SAST client  
l
Fortify License and Infrastructure Manager installer  
l
Fortify Custom Rules Guide bundle  
l
About Fortify Software Documentation  
Note: Fortify Software Security Content (Rulepacks and external  
metadata) can be downloaded during the installation.  
Fortify_SCA_<version>_  
Windows.zip.sig  
Signature file for the Fortify Static Code Analyzer package for  
Windows  
Fortify_SCA_<version>_  
Linux.tar.gz  
Fortify Static Code Analyzer package for Linux  
This package includes:  
l
Fortify Static Code Analyzer installer, which includes the following  
components:  
l
Fortify Static Code Analyzer  
l
Fortify ScanCentral SAST client  
l
Fortify Custom Rules Guide bundle  
l
About Fortify Software Documentation  
Micro Focus Fortify Software (23.1.0)  
Page 57 of 64  
 
System Requirements  
File Name  
Description  
Note: Fortify Software Security Content (Rulepacks and external  
metadata) can be downloaded during the installation.  
Fortify_SCA_<version>_  
Signature file for Fortify Static Code Analyzer for Linux  
Linux.tar.gz.sig  
Fortify_SCA_<version>_  
Mac.tar.gz  
Fortify Static Code Analyzer package for macOS  
This package includes:  
l
Fortify Static Code Analyzer installer  
l
Fortify Custom Rules Guide bundle  
l
About Fortify Software Documentation  
Note: Fortify Software Security Content (Rulepacks and external  
metadata) can be downloaded during the installation.  
Fortify_SCA_<version>_  
Mac.tar.gz.sig  
Signature file for the Fortify Static Code Analyzer package for  
macOS  
Fortify_SCA_<version>_  
Solaris.tar.gz  
Fortify Static Code Analyzer for Solaris  
This package includes:  
l
Fortify Static Code Analyzer installer  
l
Fortify Custom Rules Guide bundle  
l
About Fortify Software Documentation  
Fortify_SCA_<version>_  
Signature file for Fortify Static Code Analyzer for Solaris  
Solaris.tar.gz.sig  
Fortify_SCA_<version>_  
AIX.tar.gz  
Fortify Static Code Analyzer for AIX  
This package includes:  
l
Fortify Static Code Analyzer installer  
l
Fortify Custom Rules Guide bundle  
l
About Fortify Software Documentation  
Fortify_SCA_<version>_  
Signature file for Fortify Static Code Analyzer for AIX  
AIX.tar.gz.sig  
Micro Focus Fortify Software (23.1.0)  
Page 58 of 64  
System Requirements  
File Name  
Description  
Fortify_SCA_Samples_  
<version>.zip  
Code samples to help you learn to use Fortify Static Code Analyzer  
Fortify_SCA_Samples_  
<version>.zip.sig  
Signature file for Fortify Samples  
Fortify_Tools_<version>_  
Windows.zip  
Fortify Static Code Analyzer Applications and Tools package for  
Windows  
This package includes:  
l
Fortify Applications and Tools installer, which includes the  
following components:  
l
Fortify Audit Workbench  
l
Fortify Custom Rules Editor  
l
Fortify Plugin for Eclipse (Eclipse Complete Plugin)  
l
Fortify Analysis Plugin for IntelliJ IDEA and Android Studio  
l
Fortify Extension for Visual Studio  
l
Fortify Scan Wizard  
l
Fortify Security Assistant Plugin for Eclipse  
l
About Fortify Software Documentation  
Fortify_Tools_<version>_  
Windows.zip.sig  
Signature file for the Fortify Applications and Tools package for  
Windows  
Fortify_Tools_<version>_  
Linux.tar.gz  
Fortify Static Code Analyzer Applications and Tools package for  
Linux  
This package includes:  
l
Fortify Applications and Tools installer, which includes the  
following components:  
l
Fortify Audit Workbench  
l
Fortify Custom Rules Editor  
l
Fortify Plugin for Eclipse (Eclipse Complete Plugin)  
l
Fortify Analysis Plugin for IntelliJ IDEA and Android Studio  
Micro Focus Fortify Software (23.1.0)  
Page 59 of 64  
System Requirements  
File Name  
Description  
l
Fortify Extension for Visual Studio  
l
Fortify Scan Wizard  
l
l
Fortify Security Assistant Plugin for Eclipse  
About Fortify Software Documentation  
Fortify_Tools_<version>_  
Signature file for Fortify Applications and Tools for Linux  
Linux.tar.gz.sig  
Fortify_Tools_<version>_  
Mac.tar.gz  
Fortify Static Code Analyzer Applications and Tools package for  
macOS  
This package includes:  
l
Fortify Applications and Tools installer, which includes the  
following components:  
l
Fortify Audit Workbench  
l
Fortify Custom Rules Editor  
l
Fortify Plugin for Eclipse (Eclipse Complete Plugin)  
l
Fortify Analysis Plugin for IntelliJ IDEA and Android Studio  
l
Fortify Extension for Visual Studio  
l
Fortify Scan Wizard  
l
Fortify Security Assistant Plugin for Eclipse  
l
About Fortify Software Documentation  
Fortify_Tools_<version>_  
Mac.tar.gz.sig  
Signature file for the Fortify Applications and Tools package for  
macOS  
Fortify_SSC_Server_  
<version>.zip  
Fortify Software Security Center package  
This package includes:  
l
Fortify Software Security Center WAR file  
l
Fortify seed bundles  
l
About Fortify Software Documentation  
Fortify_SSC_Server_  
Signature file for Fortify Software Security Center  
<version>.zip.sig  
Micro Focus Fortify Software (23.1.0)  
Page 60 of 64  
System Requirements  
File Name  
Description  
Fortify_ScanCentral_  
Controller_<version>.zip  
Fortify ScanCentral SAST Controller package  
This package includes:  
l
Fortify ScanCentral SAST  
l
ScanCentral standalone client  
l
About Fortify Software Documentation  
Fortify_ScanCentral_  
Signature file for Fortify ScanCentral SAST Controller  
Controller_<version>.zip.sig  
ScanCentral_DAST_  
<version>.zip  
Fortify ScanCentral DAST package  
This package includes:  
l
DAST.ConfigurationToolCLI.exe  
l
scancentral-dast-config.tar (Docker container with the  
DAST.ConfigurationToolCLI.exe and SecureBase)  
l
SampleSettingsFile.json  
l
SampleSettingsFile.yaml  
l
ScanCentral DAST - Sensor Service.zip (sensor service and  
supporting bits)  
l
appsettings.json (configures the sensor service)  
l
Dynamic_Addons.zip (installers for optional FAST and Scan  
Scaling components)  
l
About Fortify Software Documentation  
ScanCentral_DAST_  
Signature file for Fortify ScanCentral DAST  
<version>.zip.sig  
SecurityToolkit_  
<version>.zip  
Fortify WebInspect Toolkit package for use with Fortify WebInspect  
Enterprise  
WebInspect_64_  
<version>.zip  
Fortify WebInspect 64-bit package  
This package includes:  
l
Installer  
l
About Fortify Software Documentation  
WebInspect_Agent_  
Fortify WebInspect Agent package  
Micro Focus Fortify Software (23.1.0)  
Page 61 of 64  
System Requirements  
File Name  
Description  
<version>.zip  
WI_Enterprise_  
Fortify WebInspect Enterprise package  
<version>.zip  
This package includes the following components:  
l
Fortify WebInspect Enterprise server  
l
Fortify WebInspect Enterprise Administrative Console  
l
About Fortify Software Documentation  
About Verifying Software Downloads  
This topic describes how to verify the digital signature of the signed file that you downloaded from  
the Micro Focus Fortify Customer Support site. Verification ensures that the downloaded package has  
not been altered since it was signed and posted to the site. Before proceeding with verification,  
download the Fortify Software product files and their associated signature (*.sig) files. You are not  
required to verify the package to use the software, but your organization might require it for security  
reasons.  
Preparing Your System for Digital Signature Verification  
Note: These instructions describe a third-party product and might not match the specific,  
supported version you are using. See your product documentation for the instructions for your  
version.  
To prepare your system for electronic media verification:  
1. Navigate to the GnuPG site (http://www.gnupg.org).  
2. Download and install GnuPG Privacy Guard.  
3. Generate a private key, as follows:  
a.  
Run the following command (on a Windows system, run the command without the $prompt):  
$ gpg --gen-key  
b.  
c.  
When prompted for key type, select DSA and Elgamal.  
When prompted for a key size, select 2048.  
d.  
When prompted for the length of time the key should be valid, select key does not  
expire.  
e. Answer the user identification questions and provide a passphrase to protect your private  
key.  
4. Download the Micro Focus GPG public keys (compressed tar file) from  
https://mysupport.microfocus.com/documents/10180/0/MF_public_keys.tar.gz.  
5. Extract the public keys.  
Micro Focus Fortify Software (23.1.0)  
Page 62 of 64  
 
 
System Requirements  
6. Import each downloaded key with GnuPG with the following command:  
gpg --import <path_to_key>/<key_file>  
Verifying Software Downloads  
To verify that the signature file matches the downloaded software package:  
1. Navigate to the directory where you stored the downloaded package and signature file.  
2. Run the following command:  
gpg --verify <file>.sig <filename>  
For example:  
gpg --verify Fortify_SSC_Server_23.1.0.zip.sig Fortify_SSC_Server_  
23.1.0.zip  
3. Examine the output to make sure that you receive verification that the software you downloaded  
is signed by Micro Focus Group Limited and is unaltered. Your output will include something  
similar to the following:  
gpg: Signature made Wed, November 10, 2022 12:05:20 AM PDT using RSA  
key ID AB42A5CF  
gpg: Good signature from "Micro Focus Group Limited RS A2048 1"  
Note: A warning message might indicate that the public key is not known to the system. You can  
ignore this warning or set up your environment to trust these public keys.  
Assistive Technologies (Section 508)  
In accordance with section 508 of the Rehabilitation Act, Micro Focus Fortify Audit Workbench has  
been engineered to work with the JAWS screen reading software package from Freedom Scientific.  
JAWS provides text-to-speech support for use by the visually impaired. With JAWS, labels, text boxes,  
and other textual components can be read aloud, providing greater access to these technologies.  
Micro Focus Fortify Software Security Center works well with the ChromeVox screen reader.  
Micro Focus Fortify Software (23.1.0)  
Page 63 of 64  
 
Send Documentation Feedback  
If you have comments about this document, you can contact the documentation team by email.  
Note: If you are experiencing a technical issue with our product, do not email the documentation  
team. Instead, contact Micro Focus Fortify Customer Support at  
https://www.microfocus.com/support so they can assist you.  
If an email client is configured on this computer, click the link above to contact the documentation  
team and an email window opens with the following information in the subject line:  
Feedback on System Requirements (Fortify Software 23.1.0)  
Just add your feedback to the email and click send.  
If no email client is available, copy the information above to a new message in a web mail client, and  
send your feedback to fortifydocteam@microfocus.com.  
We appreciate your feedback!  
Micro Focus Fortify Software (23.1.0)  
Page 64 of 64