Micro Focus Fortify Software

Software Version: 21.2.0


System Requirements


Document Release Date: Revision 1: December 1, 2021 Software Release Date: November 2021



Legal Notices

Micro Focus The Lawn

22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK

https://www.microfocus.com

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.


Copyright Notice

© Copyright 2001 - 2021 Micro Focus or one of its affiliates

Trademark Notices

All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.

Documentation Updates

The title page of this document contains the following identifying information:


This document was produced on December 01, 2021. To check for recent updates or to verify that you are using the most recent edition of a document, go to:

https://www.microfocus.com/support/documentation


Contents


Preface                                          7 Contacting Micro Focus Fortify Customer Support                    7 For More Information                                  7 About the Documentation Set                              7 Fortify Product Feature Videos                             7

Change Log                                         8

Introduction                                        9 Software Delivery                                    9 Software Licenses                                    9

Fortify Static Code Analyzer Requirements                         9 Hardware Requirements                                 9 Software Requirements                                 10 Platforms and Architectures                               10 Languages                                       11 Libraries                                      13 Build Tools                                      17 Compilers                                       18 Secure Code Plugins                                  18 Single Sign-On (SSO)                                19 Service Integrations for Fortify Static Code Analyzer Tools                20 Fortify Software Security Content                            20 BIRT Reports                                     20

Fortify Software Security Center Server Requirements                  21 Hardware Requirements                              21 Database Hardware Requirements                        21

Database Performance Metrics for Minimum and Recommended Hardware

Requirements                                  22 Platforms and Architectures                             22 Application Servers                                 22 Fortify Software Security Center Database                       23 Deploying Fortify Software Security Center to a Kubernetes Cluster (Optional Deployment Strategy)                                      24

Kubernetes Requirements                             24 Locally-Installed Tools Required                          24


Additional Requirements                              24 Browsers                                       25 Authentication Systems                                25 Single Sign-On (SSO)                                25 BIRT Reporting                                    26 Service Integrations for Fortify Software Security Center                 26

Fortify ScanCentral SAST Requirements                       26 Fortify ScanCentral SAST Application Server                     27 Fortify ScanCentral SAST Controller Requirements                  27 Controller Hardware Requirements                        27 Controller Platforms and Architectures                      27 Fortify ScanCentral SAST Client and Sensor Hardware Requirements           28 Sensor Disk Space Requirements                         28 Languages and Build Tools for Fortify ScanCentral SAST Sensor Project Translation    28 Languages                                  28 Build Tools                                  29

Fortify ScanCentral DAST Requirements                         29 Architectural Best Practices                              29 Fortify ScanCentral DAST Configuration Tool                      30 Software Requirements                               30 Hardware Requirements                              30 Fortify ScanCentral DAST Database Requirements                    30 Database Recommendations                            30 Fortify ScanCentral DAST Core Components VM                    31 Software Requirements                               31 Hardware Requirements                              31 Fortify ScanCentral DAST Sensor                            31 Fortify WebInspect on Docker Option                        31 Classic Fortify WebInspect Installation Option                     32 Fortify ScanCentral DAST Ports and Protocols                      32 DAST API Required Connections                          32 DAST Global Service Required Connections                     32 DAST Sensor Required Connections                         33 DAST Utility Service Required Connections                      33 Fortify ScanCentral DAST Browsers                          33 Standalone Web Macro Recorder Requirements                     34 Running as Administrator                              34 Software Integrations for Fortify ScanCentral DAST                   34


Fortify WebInspect Agent Requirements                         34 Platforms and Architectures                              34 Java Runtime Environments                              35 Java Application Servers                               35

.NET Frameworks                                    35 IIS for Windows Server                                 35

Fortify WebInspect Requirements                            36 WebInspect Hardware Requirements                          36 WebInspect Software Requirements                          37 Support for Postman                               38 Notes on SQL Server Editions                            38 WebInspect on Docker                                39 Hardware Requirements                              39 Fortify WebInspect Ports and Protocols                         40 Required Connections                               40 Optional Connections                               40 Connections for Tools                               43 Fortify WebInspect Agent                               43 WebInspect Software Development Kit (SDK)                      44 Software Integrations for Fortify WebInspect                      44

Fortify WebInspect Enterprise Requirements                      44 Installation and Upgrade Requirements                        44 Integrations for Fortify WebInspect Enterprise                     45 Fortify WebInspect Enterprise Database                        45 WebInspect Enterprise Hardware Requirements                    45 WebInspect Enterprise Software Requirements                     46 Administrative Console Requirements                         46 Hardware Requirements                             47 Software Requirements                             47 Fortify WebInspect Enterprise Ports and Protocols                   47 Required Connections                              48 Optional Connections                              49 Connections for Tools                              51 Fortify WebInspect Enterprise Sensor                         51 Fortify WebInspect Enterprise Notes and Limitations                  51

Fortify License and Infrastructure Manager Requirements                 52 Hardware Requirements                               52 Software Requirements                               52


LIM on Docker Requirements                             53

Version Compatibility Matrix                               53 Fortify Software Component Compatibility                       54 FPR File Compatibility                                54

Virtual Machine Support                                 55 Technologies no Longer Supported in this Release                     55 Technologies to Lose Support in the Next Release                     56

Acquiring Fortify Software                               56 About Verifying Software Downloads                         60 Preparing Your System for Digital Signature Verification               60 Verifying Software Downloads                          61

Assistive Technologies (Section 508)                          61 Send Documentation Feedback                              62


Preface

Contacting Micro Focus Fortify Customer Support

Visit the Support website to:


Acquiring Fortify Software

Micro Focus Fortify Software is available as an electronic download. For instructions on how to download the software from the Micro Focus Software Licenses and Downloads (SLD) portal (https://sld.microfocus.com/mysoftware/index), click Contact Us / Self Help to review the videos and the Quick Start Guide.

The following table lists the available packages and describes their contents.


File Name

Description

Fortify_SCA_and_Apps_

<version>_Windows.zip

Fortify Static Code Analyzer and Applications package for Windows This package includes:

  • Fortify Static Code Analyzer and Applications installer, which includes the following components:

    • Fortify Static Code Analyzer


File Name

Description


  • Fortify Audit Workbench

  • Fortify Custom Rules Editor

  • Fortify Plugin for Eclipse (Eclipse Complete Plugin)

  • Fortify Analysis Plugin for IntelliJ and Android Studio

  • Fortify Extension for Visual Studio

  • Fortify Scan Wizard

  • Sample projects

  • Fortify License and Infrastructure Manager installer

  • Fortify Remediation Plugin for Eclipse

  • Fortify Security Assistant Plugin for Eclipse

  • Fortify Remediation Plugin for JetBrains and Android Studio IDEs


Note: Fortify Software Security Content (Rulepacks and external metadata) can be downloaded during the installation.

Fortify_SCA_and_Apps_

<version>_Windows.zip.sig

Signature file for the Fortify Static Code Analyzer and Applications package for Windows

Fortify_SCA_and_Apps_

<version>_Linux.tar.gz

Fortify Static Code Analyzer and Applications package for Linux This package includes:

  • Fortify Static Code Analyzer and Applications installer, which includes the following components:

    • Fortify Static Code Analyzer

    • Fortify Audit Workbench

    • Fortify Custom Rules Editor

    • Fortify Plugin for Eclipse (Eclipse Complete Plugin)

    • Fortify Analysis Plugin for IntelliJ and Android Studio

    • Fortify Scan Wizard

    • Sample applications

  • Fortify Remediation Plugin for Eclipse


File Name

Description


  • Fortify Security Assistant Plugin for Eclipse

  • Fortify Remediation Plugin for JetBrains and Android Studio IDEs


Note: Fortify Software Security Content (Rulepacks and external metadata) can be downloaded during the installation.

Fortify_SCA_and_Apps_

<version>_Linux.tar.gz.sig

Signature file for Fortify Static Code Analyzer for Linux

Fortify_SCA_and_Apps_

<version>_Mac.tar.gz

Fortify Static Code Analyzer and Applications package for macOS This package includes:

  • Fortify Static Code Analyzer and Applications installer, which includes the following components:

    • Fortify Static Code Analyzer

    • Fortify Audit Workbench

    • Fortify Custom Rules Editor (Eclipse Complete Plugin)

    • Fortify Plugin for Eclipse

    • Fortify Analysis Plugin for IntelliJ and Android Studio

    • Fortify Scan Wizard

    • Sample projects

  • Fortify Remediation Plugin for Eclipse

  • Fortify Security Assistant Plugin for Eclipse

  • Fortify Remediation Plugin for JetBrains and Android Studio IDEs


Note: Fortify Software Security Content (Rulepacks and external metadata) can be downloaded during the installation.

Fortify_SCA_and_Apps_

<version>_Mac.tar.gz.sig

Signature file for the Fortify Static Code Analyzer and Applications package for macOS

Fortify_SCA_<version>_ Solaris.tar.gz

Fortify Static Code Analyzer for Solaris

Fortify_SCA_<version>_

Signature file for Fortify Static Code Analyzer for Solaris


File Name

Description

Solaris.tar.gz.sig


Fortify_SCA_<version>_ AIX.tar.gz

Fortify Static Code Analyzer for AIX

Fortify_SCA_<version>_ AIX.tar.gz.sig

Signature file for Fortify Static Code Analyzer for AIX

Fortify_SSC_Server_

<version>.zip

Fortify Software Security Center package This package includes:

  • Fortify Software Security Center WAR file

  • Fortify seed bundles

Fortify_SSC_Server_

<version>.zip.sig

Signature file for Fortify Software Security Center

Fortify_ScanCentral_ Controller_<version>.zip

Fortify ScanCentral SAST Controller package This package includes:

  • Fortify ScanCentral SAST

  • ScanCentral standalone client

Fortify_ScanCentral_ Controller_<version>.zip.sig

Signature file for Fortify ScanCentral SAST Controller

ScanCentral_DAST_

<version>.zip

Fortify ScanCentral DAST package This package includes:

  • Configuration Tool EXE

  • Scanner service and supporting bits

  • About Fortify Software Documentation (PDF)

ScanCentral_DAST_

<version>.zip.sig

Signature file for Fortify ScanCentral DAST

SecurityToolkit_

<version>.zip

Fortify WebInspect Toolkit package for use with Fortify WebInspect Enterprise

WebInspect_64_

<version>.zip

Fortify WebInspect 64-bit package


File Name

Description


This package includes:

  • Installer

  • About Fortify Software Documentation (PDF)

WebInspect_Agent_

<version>.zip

Fortify WebInspect Agent package

WI_Enterprise_<version>.zip

Fortify WebInspect Enterprise package

This package includes the following components:

  • Fortify WebInspect Enterprise server

  • Fortify WebInspect Enterprise Administrative Console

  • About Fortify Software Documentation (PDF)


About Verifying Software Downloads

This topic describes how to verify the digital signature of the signed file that you downloaded from the Micro Focus Fortify Customer Support site. Verification ensures that the downloaded package has not been altered since it was signed and posted to the site. Before proceeding with verification, download

the Fortify Software product files and their associated signature (*.sig) files. You are not required to verify the package to use the software, but your organization might require it for security reasons.


Preparing Your System for Digital Signature Verification


Note: These instructions describe a third-party product and might not match the specific, supported version you are using. See your product documentation for the instructions for your version.

To prepare your system for electronic media verification:

        1. Navigate to the GnuPG site (http://www.gnupg.org).

        2. Download and install GnuPG Privacy Guard.

        3. Generate a private key, as follows:

          1. Run the following command (on a Windows system, run the command without the $ prompt):

            $ gpg --gen-key

          2. When prompted for key type, select DSA and Elgamal.

          3. When prompted for a key size, select 2048.

          4. When prompted for the length of time the key should be valid, select key does not expire.

          5. Answer the user identification questions and provide a passphrase to protect your private key.


        4. Download the Micro Focus GPG public keys (compressed tar file) from https://mysupport.microfocus.com/documents/10180/0/MF_public_keys.tar.gz.

        5. Extract the public keys.

        6. Import each downloaded key with GnuPG with the following command:

gpg --import <path_to_key>/<key_file>


Verifying Software Downloads

To verify that the signature file matches the downloaded software package:

  1. Navigate to the directory where you stored the downloaded package and signature file.

  2. Run the following command:

    gpg --verify <file>.sig <filename>

    For example:


    gpg --verify Fortify_SSC_Server_21.2.0.zip.sig Fortify_SSC_Server_ 21.2.0.zip

  3. Examine the output to make sure that you receive verification that the software you downloaded is signed by Micro Focus Group Limited and is unaltered. Your output will include something similar to the following:


gpg: Signature made Fri, Oct 06, 2021 10:37:56 PM PDT using RSA key ID AA71A9CF

gpg: Good signature from "Micro Focus Group Limited RS A2048 1"


Note: A warning message might indicate that the public key is not known to the system. You can ignore this warning or set up your environment to trust these public keys.


Assistive Technologies (Section 508)

In accordance with section 508 of the Rehabilitation Act, Micro Focus Fortify Audit Workbench has been engineered to work with the JAWS screen reading software package from Freedom Scientific. JAWS provides text-to-speech support for use by the visually impaired. With JAWS, labels, text boxes, and other textual components can be read aloud, providing greater access to these technologies.

Micro Focus Fortify Software Security Center works well with the ChromeVox screen reader.

Send Documentation Feedback

If you have comments about this document, you can contact the documentation team by email.


Note: If you are experiencing a technical issue with our product, do not email the documentation team. Instead, contact Micro Focus Fortify Customer Support at https://www.microfocus.com/support so they can assist you.

If an email client is configured on this computer, click the link above to contact the documentation team and an email window opens with the following information in the subject line:

Feedback on System Requirements (Fortify Software 21.2.0)

Just add your feedback to the email and click send.

If no email client is available, copy the information above to a new message in a web mail client, and send your feedback to fortifydocteam@microfocus.com.

We appreciate your feedback!