Additional License Authorizations

For Application Security software products




Products and suites covered



Products

E-LTU or

E-Media available*

Perpetual License Non-production use category **

Term License

Non-production use category (if available)

Security ArcSight Application View (previously called HPE Security ArcSight Application View)

Yes

Class 1

Class 3

Fortify Audit Assistant On-Premise

Yes

Class 3

Class 3

DevInspect (previously called HPE DevInspect)

Yes

Class 3

Class 3

Security Fortify for Managed Service Provider on Premise (previously called HPE Security Fortify for Managed Service Provider on Premise)

Yes

Class 3

Class 3

Security Fortify Governance (previously called HPE Security Fortify Governance)

Yes

Class 3

Class 3

Security Fortify Real-Time Analyzer (previously called HPE Security Fortify Real-Time Analyzer).

Yes

Class 3

Class 3

Security Fortify Runtime (previously called HPE Security Fortify Runtime)

Yes

Class 3

Class 3

Security Fortify Static Code Analyzer (previously called HPE Security Fortify Static Code Analyzer)

Yes

Class 3

Class 3

Security Fortify Scanner Model

Yes

Class 3

Class 3

Security Application Defender (previously called HPE Security Application Defender)

Yes

Class 3

Class 3

Software Security Center (previously called HPE Software Security Center)

Yes

Class 3

Class 3

Security WebInspect (previously called HPE Security WebInspect)

Yes

Class 3

Class 3

Security WebInspect Enterprise (previously called HPE Security WebInspect Enterprise)

Yes

Class 3

Class 3

Sonatype Fortify On Premise

Yes

N/A

Class 3




Suites

E-LTU or

E-Media available*

Perpetual License Non-production use category **

Term License

Non-production use category (if available)

Security Fortify Express Edition Suite (previously called HPE Security Fortify Express Edition Suite)

Yes

Class 3

Class 3

Security Fortify Premium Edition Suite (previously called HPE Security Fortify Premium Edition Suite)

Yes

Class 3

Class 3

Security Fortify Ultimate Edition Suite (previously called HPE Security Fortify Ultimate Edition Suite)

Yes

Class 3

Class 3

Security Fortify Runtime Suite (previously called HPE Security Fortify Runtime Suite)

Yes

Class 3

Class 3

Security Software Security Center Build to Order Starter Edition (previously called HPE Security Software Security Center Build to Order Starter Edition)

Yes

Class 3

Class 3



Suites


E-LTU or

E-Media available*


Perpetual License Non-production use category **


Term License Non-production use category (if available)

Security Software Security Center Build to Order Starter Edition w/o SSC Server (previously called HPE Security Software Security Center Build to Order Starter Edition w/o SSC Server)

Yes

Class 3

Class 3

Security WebInspect Enterprise Build to Order Starter Edition Suite (previously called HPE Security WebInspect Enterprise Build to Order Starter Edition Suite)

Yes

Class 3

Class 3

Security WebInspect Enterprise Security Consultant Suite (previously called HPE Security WebInspect Enterprise Security Consultant Suite)

Yes

Class 3

Class 3


* Any product sold as E-LTU or E-Media shall be delivered electronically regardless of any contrary designation in a purchase order.

** Non-production use rights, if any, can be found at software.microfocus.com/legal/software-licensing.


Definitions

Capitalized terms not otherwise defined in this ALA document are defined in the governing agreement.


Term

Definition

Agent (Security Application Defender)

Means that portion of the software that manages and may be required for each physical server, virtual server, application runtime or container.

AMP Concurrent User

Means the software is licensed by the amount of active AMP Users that interact (directly or indirectly) with software at any one point in time on one (1) OS Instance.

AMP User

Means a single individual who makes use of the software and/or the functionality provided by the software either directly or indirectly through user interfaces, clients, 3rd party software, or Application Programming Interfaces.

Application (Security Fortify Editions – Static Scanning)

See Project

Application (Security Application Defender)

Means a deployable unit of software code consisting of a collection of source code, byte code or object code, or a running production Instance of that deployed unit of software code, that delivers some or all of the functionality of a business application. If a component, subsystem, or interfaced system can be removed from the deployable unit of software code and run separately to provide independent functionality, that component, subsystem or interface is considered a separate and independent Application.

Application (Security WebInspect and Security Fortify Editions – Dynamic Scanning)

See Target.

Application Instance or

AppInstance

Means the installation and usage of an Instance of an Application on a Server or group of Servers.

Application Programmatic Interface (“API”)

Means a set of access methods, through which the functionality provided by the application is made available to other applications.

Authorized Machine

Means a named OS Instance licensed to run the software.

Base

Means an offering of Security Fortify Governance with a minimum of 10 Projects.

Build to Order Plan or B2O

Means a pricing plan under which Power Users and/or Regular Users use the software on Authorized Machines for Projects.



Term

Definition

CBT Seat

Means a license for an individual to use a specific computer based training course.

Clients

Means any applications or systems which provide functionality separate from that of the software while providing for the facility to connect to and interact with the software.

Cold Standby System

Means a standby non-production system which is NOT up and running. If the production system breaks down, or needs to be taken out of service, you are required to switch on and start the Cold Standby System in order to take over for the production system.

Concurrent Users or

CC Users

Means the software is licensed by the amount of users that simultaneously use the software at any one point in time. The software can be installed on any number of computers, provided that the actual usage of the software does not exceed the number of licenses purchased.

Connection

Means an application actively communicating through an established and authenticated communication session with the AMP Server.

Curriculum

Means a combination of courses that may or may not be offered individually.

Developer

Means an individual responsible for the design and development of the source code assessed by DevInspect.

Development and Test Systems

Means a non-production system to be used for a) developing your add-on applications in order to access the licensed software b) migration testing c) pre-production staging or d) version upgrades/configurations and transition purposes.

Device or Dev

Means an addressable entity, physical or virtual, including but not limited to router, switch, bridge, hub, server, PC, laptops, handheld device or printer that resides within the range defined for interrogation and asset tracking.

Documentation

Means any explanatory written or on-line material including, but not limited to, user guides, reference manuals and HTML files.

Dynamic Engine

Means a single installed OS Instance of a dynamic Application testing software used by Security WebInspect or Security WebInspect Enterprise Sensor for Scanning Applications for security vulnerabilities.

E-LTU and E-Media

Means products which are electronically delivered only, and as such any reference to FOB Destination or delivery methods that are stated on your purchase order other than electronic shall be null and void with respect to these E-LTU or E-Media products.

Enterprise or Ent

Means a license which allows Unlimited CBT Seats within the legal entity.

Fail or Failover

Means a backup operation that automatically switches the functions of a primary system to a standby server if the primary system fails or is temporarily taken out of service.

Flexible Deployment Plan

or Flex

Means the licensing arrangement under which Customer knows how many developers contributed code to the applications, and the software may be used to analyze/scan code written only by the Named Contributing Developers.

Fortify Dynamic Only Scan Machine

Means an instance of WebInspect that is actively running a single scan and is not authorized to use the Fortify Software Security Center (SSC) platform.

Fortify Scan Machine

Means an instance of Fortify Static Code Analyzer (SCA) or WebInspect that is actively running a single translation or scan.

Fortify User

Means any named user who is using Fortify Software Security Center (SSC), or any tooling provided by Fortify, or a Fortify Dynamic Only Scan Machine.

Foundation

Means a single Instance of the core or primary components of a software application which enable its basic functionality, and without which the additional modules available for the application are unable to operate. Foundation software may be installed on one or multiple servers, depending on the specific architecture required to enable the functioning of the single Instance.

Hot Standby System

Means a non-production system which is up and running, ready to take over from the production system if the production system breaks down or needs to be taken out of service.



Term

Definition

Implementation

Means an installation of the software on a single Server or installed on a cluster of Servers which work together as a single installation of the software.

Instance

Means each implementation of the application

Internal Use

Means access and Use of the software for purposes of supporting your internal operations or functions.

Lines of Code or LOC

Means the total number of lines of your software source code that are authorized to be scanned by an Unlimited number of software developers on an Unlimited number of Authorized Machines using the software.

Lines of Code Plan or LOC Plan

Means the licensing arrangement that specifies the authorized Lines of Code.

LTU

Means License To Use.

Managed Service or MS

Means services provided by you using the eligible Micro Focus Products for managing or augmenting the information technology functions of other companies for a fee, such as but not limited to, outsourcing, hosting, Infrastructure- as-a-Service (“IaaS”), Platform-as-a-Service (“PaaS”), Software –as-a-Service (“SaaS”), or Business Process-as-a-Service (“BPaaS”), remote network management, security monitoring, log management, patch management, remote data back-up, and application services such as load testing, quality testing, regression testing, or performance testing.

Managed Service Provider

or MSP

Means you when acting as a third party service provider contracted by an end user (that is not your Affiliate) to provide Managed Services to that end user.

Named Contributing Developer or NCD

Means a named software developer authorized to contribute code to the projects to be scanned by the licenses product.

Named User or Nmd User

Means a specific individual authorized by you to access the software regardless of whether they are actively using the software.

Non-Production or NP

Means internal use which is limited to Use on Development and Test Systems and Hot and/or Cold Standby Systems. This NP license requires the previous purchase of the equivalent or greater production licenses. Support for NP licenses is restricted to the period of and current status of the equivalent production license.

Operating System Instance or OS Instance

Means each implementation of the bootable program that can be installed onto a physical system or a partition, such as system Virtual Machines, virtual environments, virtual private servers, containers, guests and zones, within the physical system. A physical system can contain multiple Operating System Instances. A container means a system partition based on software rather than hardware. Guests means a VM system running on a host system where the host runs its own complete OS Instance (as opposed to a hypervisor), like VMware Workstation. Zone means Oracle/Sun Solaris specific nomenclature for a software partition which can run a virtual OS instance including but not limited to Sparse, native, and ipkg.

Professional Services Engagement(s)

Means a contract between Security Consultant and a third party for the Security Consultant to perform a Web Application Vulnerability Assessment of a defined web site or a Static Code Analysis on behalf of the third party.

Project or Prj

Means a unique code base analyzed by Security Fortify Static Code Analyzer or managed by Security Fortify Governance.

Power User

Means a named user authorized to use Security Fortify Software Security Center, Security Fortify Static Code Analyzer, IDE plug-in and Audit Workbench to run Scans on and view results for all Projects.

Regular User

Means a Named User authorized to use Security Fortify Software Security Center to view results for only Projects that they have worked on. A Security Fortify Static Code Analyzer Regular User license is authorized to use IDE plug ins to run Scans and view results for only Projects that you have worked on.

A Software Security Center Regular User license (when purchased separately) includes a Security Fortify Static Code Analyzer Regular User License and therefore is authorized to use IDE plug ins to run Scans and view results for only Projects that you have worked on.

A Software Security Center Build To Order WebInspect Enterprise Edition license includes a version of Software Security Center Regular User that is not authorized to use IDE plug ins to run Scans and view results for only Projects that you have worked on.



Term

Definition

SaaS

Means Software as a Service which is a service that allows access to the software, support and related professional services, as described in an order document, datasheet or a Statement of Work (SOW).

Scan

Means the act of, through automated or manual means, examining computer software for security vulnerabilities.

Scanning Machine

Means the number of named physical or Virtual machines that are running the software.

Scanning User

Means a physical or Virtual Machine or a person authorized to run, configure, or submit Scans for licensed Applications.

Security Consultants

Means you who enters into Professional Services Engagement contracts with 3rd parties as part of their defined business offerings and as a material part of their day to day business.

Sensor

Means Instances of the of the Micro Focus scanning technology that acts on behalf of and are controlled by the AMP Base Server in order to provide application, system and networks scanning capabilities.

Server or SVR

Means any designated computer system in which an Instance or Instances of the software is installed.

Single Scan Overage or

SngScanOver

Means an incremental single Scan that can be purchased for FOD for MSPs.

Static Code Analysis

Means analyzing software source code, bytecode, or object code to find security vulnerabilities.

Static Engine

Means a single installed OS Instance of a static Application testing software used by Security Fortify Static Code Analyzer for Scanning Applications for security vulnerabilities. Static application testing software that is embedded in Security Fortify Audit Workbench and IDE Plug-ins are not considered Static Scanning Engines.

Suite

Means two or more software products combined into a single license offering or a single software product which includes two or more licenses. The specific software products included in a Suite are specified in the Software Specific License Terms below. Software products included in a Suite are governed by the individual authorizations and use restrictions associated with each software product except where specified in the specific Suite software specific license terms below.

Target

Means a unique logical computer system being scanned as part of a Web Application Vulnerability Assessment. A unique Target has a single authentication management system (log-in page). Web applications that expose services and end-points to support mobile applications are considered two distinct Targets (Web and Mobile). A unique Target application is a fully qualified domain name (FQDN) unless it is the same Target used for a staging or lab environment.

Term License to Use or

Term LTU

Means a software license to use (LTU) which indicates in its license description that the license is valid for a specific period of time such as One Month (1 M), One Year (1 Y) etc. Term LTU’s are not perpetual licenses.

Unlimited or Unl

Means without restriction in terms of number of systems, devices or media, depending on the context.

User

Means a user whose use is restricted to the type of software that is being licensed.

Virtual Machine(s) or

VM(s)

Means a computer that does not physically exist but is simulated by another computer.

Web Application Vulnerability Assessment or Web Application Vulnerability Assessment Scan

Means the act of, through automated or manual means, examining web based or web delivered computer software for security vulnerabilities.


Software specific license terms

Software products with software specific license terms are described below. Software products covered by this ALA document (as listed above) and not covered in this section do not have software specific license terms.


Security ArcSight Application View (previously called HPE Security ArcSight Application View)

Security ArcSight Application View is licensed by Application Instance for a single ArcSight Enterprise Security Manager or an ArcSight Express Implementation.


Fortify Audit Assistant On-Premise

Fortify Audit Assistant On-Premise is a results audit tool that uses expert security predictions to help audit the scan results of an application. An Audit Assistant instance license is licensed per installation. At least one (1) instance of Fortify Audit Assistant On-Premise is required to use the software and provided data.

DevInspect (previously called HPE DevInspect)

DevInspect assesses source code from within the developer’s environment and is licensed per Developer. One license is required for every Developer authorized to use DevInspect.

Security Fortify for Managed Service Provider on Premise (previously called HPE Security Fortify for Managed Service Provider on Premise)

Security Fortify for Managed Service Provider on Premise is licensed by Managed Service Provider for the eligible products and the number of Applications and/or Scans to be assessed. The license is limited to use by a Managed Service Provider who has signed a Managed Service Provider Agreement and only for the purpose of providing Managed Services. Security Fortify for Managed Service Provider on Premise cannot be used for internal use.

Security Fortify Governance (previously called HPE Security Fortify Governance)

Security Fortify Governance Base: Includes a license for ten (10) Projects. The Security Fortify Governance User license is required for each User authorized to customize process templates for use with Security Fortify Software Security Center.

Security Fortify Real-Time Analyzer (previously called HPE Security Fortify Real-Time Analyzer)

Security Fortify Real-Time Analyzer (RTA) requires one RTA Server license for each physical Server running one or more protected applications in a production environment. One RTA User license is required for each User authorized to configure and administer RTA on the licensed RTA Servers.

Security Fortify Runtime (previously called HPE Security Fortify Runtime)

Security Fortify Runtime requires one Security Fortify Runtime Platform Server license and either one Security Fortify Runtime Application Protection Server or one Security Fortify Runtime Application Logging Server license for each physical Server. Security Fortify Runtime Platform Server, Security Fortify Runtime Application Protection Server and Security Fortify Application Logging Server are licensed per single Server. One Security Fortify Runtime User license is required for each User authorized to configure and administer Security Fortify Runtime on the licensed Servers.

Security Fortify Static Code Analyzer (previously called HPE Security Fortify Static Code Analyzer)

Security Fortify Static Code Analyzer (SCA) Scans a code base, produces results, and stores those results in a Fortify Project Report (FPR) file. A Project is a unique code base, upon which you choose to perform a Scan using Security Fortify SCA and generate an FPR file. Every unique code base that is Scanned is considered to be a Project. A separate license for each Project is required. Project licenses cannot be reused or reassigned. The definition of a Project is independent of how the operator chooses to initiate a Security Fortify SCA Scan: from Fortify SCA Audit Workbench, IDE Plug-In or part of a build process.


Security Fortify Static Code Analyzer Build to Order Starter Edition: Includes a license for one (1) Software Security Center, one (1) Scanning Machine, one (1) Power User, and thirty (30) Projects.


Security Fortify Static Code Analyzer Build to Order Starter Edition without Software Security Center: Includes a license for one (1) Scanning Machine, one (1) Power User, and thirty (30) Projects.

Security Fortify Static Code Analyzer Flexible Deployment Plan: Includes unlimited usage of Security Fortify Software Security Center, Security Fortify Static Code Analyzer, Audit Workbench and IDE plug-ins to scan code written by Named Contributing Developer licenses. This licensing arrangement is based solely on the number of Named Contributing Developers that are authorized to contribute code to the projects to be scanned by Security Fortify Static Code Analyzer. It is not based on the number of people using the software. A Named Contributing Developer license is required for the maximum number of software developers that contributes to the code base of a Project at any given time; therefore, a Named Contributing Developer license reflects a maximum capacity of developers contributing code to the Projects and is not assigned to a specific named developer. Developers may transfer in and out of the Project without impacting the licenses as long as the maximum number of contributing developers does not exceed the number of Named Contributing Developer licenses. Code contributed by developers not included in the licensed number of Named Contributing Developers is not authorized to be scanned by the software.


Security Fortify Static Code Analyzer Lines of Code Plan: Includes Unlimited usage of Security Fortify Software Security Center, Security Fortify Static Code Analyzer, Audit Workbench and IDE plug-ins to Scan code licensed under the plan. The number of Lines of Code authorized under this plan is based on the aggregate number of lines of software source code before compilation in all Projects to be Scanned. The Lines of Code should be counted by an industry standard method for counting Lines of Code.


Security Fortify Software Security Center Server: Every individual authorized by you to use the Security Fortify Software Security Center Server for any purpose must be a licensed User through one of the following license plans: Build to Order, Flexible Deployment or Lines of Code. In the Build to Order plan, either a Regular User or a Power User license is required for any individual that uses the Server for any purpose, including but not limited to viewing results and reports, managing Projects, Scanning Projects, managing Users, or accessing the collaboration module. In the Flexible Deployment or Lines of Code plans, any individual authorized by you is able to use the Security Fortify Software Security Center server, but only for licensed Projects. Security WebInspect Enterprise, Security Fortify Governance Projects and Security Fortify Governance Users authorized to customize process templates are licensed separately and are not included by default in any of these license plans.


Security Fortify Scanner Model

With this license model, Fortify does not count the number of machines where the software is installed, but the number of active scans happening at any given time. Fortify Static Code Analyzer and WebInspect can be installed on an unlimited number of machines. A Fortify Scan Machine license is required for any single scan being executed on any machine. Any scan running requires an active Scan Machine license to be used. A machine not actively running a scan is not counted against the quantity of Fortify Scan Machines purchased. A machine is considered to be anything used for physical or virtual scanning (including a container).

Examples:



A minimum of two (2) Fortify Scan Machines and one (1) Fortify user is required per customer. No use of the software is allowed by anyone who is not a Fortify User. No mixing of license models is allowed.

Only one (1) Fortify User is allowed per Fortify Dynamic Only Scan Machine. A Fortify Dynamic Only Scan Machine cannot have multiple users, it is limited to 1 Fortify User.


Security Fortify Edition Suite Add-ons (previously called HPE Security Fortify Edition Suite Add-ons)

Security Fortify Add-on Applications with Dynamic Engine are licensed by Application and Dynamic Engine (prior to May 1, 2015).


Security Fortify Add-on Applications with Static Engine are licensed by Application and Static Engine (prior to May 1, 2015).


Security Fortify Add-on Application Packs are licensed by Application.


Security Fortify Add-on Dynamic Engine is licensed by Dynamic Engine (prior to May 1, 2015).


Security Fortify Add-on Static Engine is licensed by Static Engine (prior to May 1, 2015).


All the Security Fortify Add-ons referenced above require a license for one of the Security Fortify Edition Suites.


Security Application Defender (previously called HPE Security Application Defender)

Security Application Defender is a service that monitors and protects customer’s Applications. The on-premise solution consists of two independently licensed components, the Application Defender Server is licensed per Implementation and the Application Defender Agents are licensed per Application Instance. A working solution requires at least one Application Defender Server and one or more Application Defender Agents.

Security WebInspect (previously called HPE Security WebInspect)

Security WebInspect Named User License: WebInspect Named User License is for use on one (1) OS Instance. There are no limits on the number of Scans performed or the number of Targets scanned.


Security WebInspect Concurrent User License: WebInspect Concurrent Users License is required for each of the end users of the Clients who concurrently access the software functionality. WebInspect Concurrent Users require the License and Infrastructure Manager Server. WebInspect Concurrent User licenses may be purchased individually and added to new or to existing AMP Base Servers. There are no limits on the number of Scans performed or the number of Targets scanned.

WebInspect Concurrent User Licenses require a licensed, installed and active Instance of a Micro Focus License and Infrastructure Manager. Available AMP Concurrent User License required when connecting to the AMP Base Server.


Security WebInspect Single Scan Target License: WebInspect Single Scan Target License performs unlimited web application vulnerability Scans on a single IP address. This license is further restricted to installation on not more than five (5) logical computer systems. Available AMP Concurrent User License required when connecting to the AMP Base Server. You may request two (2) changes to the IP address in a 12 month period. Micro Focus maintains the right to refuse the change in cases where the change of IP address is outside of normal IT operations.


Security WebInspect Security Consultant Term License: The WebInspect Term Licenses are limited to: 1) use by Security Consultants and only for the purpose of performing Web Application Vulnerability Assessments during the course of a Professional Services Engagement and 2) a single Web Application Vulnerability Assessment in the case of the one (1) month License, or a series of single Web Application Vulnerability Assessments in the case of a one (1) year License. WebInspect Term LTU is restricted to one (1) Named User for use on (1) OS Instance for a limited time period. License includes the ability to Scan premium languages.


Security WebInspect Flexible Deployment Plan License: The WebInspect Flexible Deployment Plan License enables unlimited Web Application Vulnerability Assessment Scans for a single Target. This license allows an unlimited number of logical computer systems.

Security WebInspect Enterprise (previously called HPE Security WebInspect Enterprise)

Security WebInspect Enterprise license entitles User to install one Instance of the Security WebInspect Enterprise software. Every individual authorized by you to use the Security WebInspect Enterprise software for configuring, managing, executing, auditing, reviewing or reporting on Scans must be a licensed User of Security Fortify Software Security Center Server. Users that only login to request Scans do not require a User license.


Security WebInspect Enterprise Security Consultant Suite: The WebInspect Enterprise for Security Consultant Suite Term License is limited to: 1) use by Security Consultants and only for the purpose of performing Web Application Vulnerability Assessments during the course of a Professional Services Engagement and 2) a series of single Web Application Vulnerability Assessments in the case of a one (1) year License.

Sonatype Fortify On Premise

Sonatype Fortify On Premise is offered to Fortify customers who need open source scanning with their static code analysis. The open sources scans are powered by Sonatype’s Nexus Intelligence. The Fortify Sonatype offering is available per application and per developer. Must own Fortify Static Code Analyzer and Software Security Center to use offering.


Fortify Sonatype Per Developer: Includes unlimited usage of the Sonatype On Premise offering to scan code written by named contributing developer licenses. This licensing arrangement is based solely on the number of Named Contributing Developers that are authorized to contribute code to the projects to be scanned by the Fortify Sonatype Offering. It is not based on the number of people using the software. A Named Contributing Developer license is required for the maximum number of software developers that contributes to the code base of a Project at any given time; therefore, a Named Contributing Developer license reflects a maximum capacity of developers contributing code to the Projects and is not assigned to a specific named developer. Developers may transfer in and out of the Project without impacting the licenses as long as the maximum number of contributing developers does not exceed the number of Named Contributing Developer licenses. Code contributed by developers not included in the licensed number of Named Contributing Developers is not authorized to be scanned by the software.


Fortify Sonatype Per Application: Includes usage for the number of applications purchased. An Application (see Project) is a unique code base upon which you choose to perform a scan using Security Fortify SCA and generate a FPR file. Every unique code base that is scanned is considered to be an Application. A Sonatype Application is required for every application used by SCA.


Application Security Suite offerings


Suite

Offering includes

Additional terms (if any)

Security Fortify Express Edition Suite

Suites sold until April 30, 2015:

  • 10 Applications

  • 1 Security WebInspect Dynamic Engine Suites sold as of May 1, 2015:

  • 10 Applications

  • 1 Security WebInspect Named User


  • Suite includes Security WebInspect to dynamically scan up to 10 Applications by one Named User.

Security Fortify Premium Edition Suite

Suites sold until April 30, 2015:

  • 10 Applications

  • 1 Security Fortify Static Code Analyzer Static Engine

  • Secure Coding Plug-ins

  • Audit Workbench

  • Security Software Security Center Suites sold as of May 1, 2015:

  • 10 Applications

  • 5 Security Fortify Scanning Users

  • Security Fortify Static Code Analyzer Static Engine

  • Secure Coding Plug-ins

  • Audit Workbench

  • Security Software Security Center

  • Premium Languages


  • Scan code and audit Scan data by individuals authorized as Scanning Users on licensed Applications which are licensed by the number of Scanning Users and Applications to be scanned by Security Fortify Static Code Analyzer.

  • A Scanning User license is required for each physical or Virtual Machine or a person authorized to run, configure, or submit Scans for licensed Applications.

  • The maximum number of Scanning Users may not exceed the number of Scanning User licenses.

  • Use of software products and tools by individuals not authorized as Scanning Users on licensed Applications is restricted to viewing Scan data in Software Security Center.

Security Fortify Ultimate Edition Suite

Suites sold until April 30, 2015:

  • 20 Applications

  • 1 Security WebInspect Dynamic Engine

  • 1 Security Fortify Static Code Analyzer Static Engine

  • Secure Coding Plug-ins

  • Audit Workbench

  • Security Software Security Center

  • Security WebInspect Enterprise Suites sold as of May 1, 2015:

  • 10 Applications

  • Unlimited Dynamic Applications

  • 5 Security Fortify Scanning Users

  • Security Fortify Static Code Analyzer Static Engine

  • Secure Coding Plug-ins

  • Audit Workbench

  • Premium Languages

  • Security Software Security Center

  • Security WebInspect Enterprise

  • Security Fortify Governance


  • Scan code and audit Scan data by individuals authorized as Scanning Users on licensed Applications which are licensed by the number of Scanning Users and Applications to be scanned by Security Fortify Static Code Analyzer.

  • A Scanning User license is required for each physical or Virtual Machine or a person authorized to run, configure, or submit Scans for licensed Applications.

  • The maximum number of Scanning Users may not exceed the number of Scanning User licenses.

  • Use of software products and tools by individuals not authorized as Scanning Users on licensed



Suite


Offering includes


Additional terms (if any)



Applications is restricted to viewing Scan data in Software Security Center.

  • Security WebInspect Enterprise is licensed by the number of Sensors which perform Unlimited dynamic Scans.

Security Fortify Runtime Suite

  • 1 Security Fortify Runtime Platform Server

  • 1 Security Fortify Runtime Application Protection Server

  • 1 Security Fortify Runtime Application Logging Server

  • 1 Security Fortify Runtime User


Security Software Security Center Starter Edition

  • 1 Security Software Security Center Build to Order Server

  • 1 Security Software Security Center Build to Order Power User

  • 1 Security Fortify Static Code Analyzer Scanning Machine

  • 30 Security Fortify Static Code Analyzer Projects


Security Software Security Center Starter Edition w/o SSC Server

  • 1 Security Software Security Center Build to Order Power User

  • 1 Security Fortify Static Code Analyzer Scanning Machine

  • 30 Security Fortify Static Code Analyzer Projects


Security WebInspect Enterprise Build to Order Starter Edition Suite

  • 1 Security Software Security Center Build to Order Server

  • 1 Security WebInspect Enterprise Build to Order OS Instance

  • 1 Security WebInspect Enterprise Sensor

  • 1 Security WebInspect Named User

  • 5 Security Software Security Center Build to Order Regular Users


Security WebInspect Enterprise Security Consultant Suite

  • 1 Security Software Security Center Server Instance

  • 1 Security WebInspect Enterprise Server Instance

  • 1 Security WebInspect Enterprise Sensor

  • 1 Security WebInspect Security Consultant Named User (Desktop but can push to Software Security Center)

  • 5 Security Software Security Center Regular Users

  • Unlimited Scans

  • 30 Projects




Additional license terms



Term

A.

Software contains software and associated specifications licensed from third parties that are confidential to, and trade secrets of, such parties. You will not take any action other than to Use it as authorized under the agreement as part of the software products and will not disclose it to third parties.

B.

You shall install and use the software as authorized in the applicable agreement only as a complete product and may not use portions of such software on a standalone basis separate from the complete software unless expressly authorized in the Supporting Material, specifications or an applicable agreement.

C.

The software is restricted to use solely for the purpose of scanning software for security vulnerabilities that is (i) owned by you; (ii) for which you have a valid license to use; or (iii) with the explicit consent of the owner of the to be scanned and may not be used for any other purpose.

D.

You shall not install or use the software on any third party or shared (hosted) server without explicit consent from the third party.

E.

To the extent this restriction is not prohibited under applicable law, you shall not disclose to any third party the results of (i) any performance benchmarks you run on software products themselves, or any portion thereof, or (ii) specific detailed comparisons you make between software products, or any portion thereof, and any of your or third-party products, in each case under (i) and (ii) without the prior written consent of Micro Focus.

F.

LICENSEE ACKNOWLEDGES THAT SOME OF THE SOFTWARE IS DESIGNED TO TEST THE SECURITY OF COMPUTER SOFTWARE AND WHEN FUNCTIONING PROPERLY IN ACCORDANCE WITH ITS SPECIFICATIONS MAY NEVERTHELESS DISCLOSE OR CREATE PROBLEMS IN THE OPERATION OF THE SYSTEMS TESTED. LICENSEE ACCEPTS THIS RISK AND ASSUMES FULL RESPONSIBILITY FOR ANY SUCH PROBLEMS THAT MIGHT RESULT.


software.microfocus.com/legal/software-licensing

Latest version of software licensing documents



© Copyright 2009-2020 Micro Focus. The only warranties for Micro Focus and its subsidiaries products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.