Micro Focus

Fortify ScanCentral SAST

Software Version: 21.2.0


Installation, Configuration, and Usage Guide


Document Release Date: November 2021 Software Release Date: November 2021



Legal Notices

Micro Focus The Lawn

22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK

https://www.microfocus.com

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.


Copyright Notice

© Copyright 2011-2021 Micro Focus or one of its affiliates

Trademark Notices

All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.

Documentation Updates

The title page of this document contains the following identifying information:


This document was produced on November 23, 2021. To check for recent updates or to verify that you are using the most recent edition of a document, go to:

https://www.microfocus.com/support/documentation


Contents


Preface                                              7 Contacting Micro Focus Fortify Customer Support                       7 For More Information                                     7 About the Documentation Set                                 7 Fortify Product Feature Videos                                 7


Change Log                                             8


Chapter 1: Introduction                                      12 Intended Audience                                      12

Related Documents                                      12 All Products                                        13 Micro Focus Fortify ScanCentral SAST                           14 Micro Focus Fortify Software Security Center                        14 Micro Focus Fortify Static Code Analyzer                          15

What's New in Micro Focus ScanCentral SAST 21.2.0                   16


Chapter 2: Fortify ScanCentral SAST Components                      18

Installing the Controller                                   20 Installing the Controller as a Service                           21 Uninstalling the Controller Service                            22

Configuring the ScanCentral SAST Controller                        22 Encrypting the Shared Secret                               29 Encrypting the Shared Secret on the Controller                    30 Encrypting the Shared Secret on a Sensor                       31 Encrypting the Shared Secret on a Client                       31 About the pool_mapping_mode Property                         32 Configuring the Logging Level on the Controller                     33

Securing the Controller                             34 Creating a Secure Connection Using Self-Signed Certificates             34 Creating a Secure Connection Using a Certificate Signed by a Certificate Signing

Authority                                          37



Securing the Controller for Authorized Client Use Only               40 Allowing CloudScan Clients that do not Support Client Authentication to Connect to

the Controller                                      40

Securing ScanCentral SAST Deployment                         41

Creating ScanCentral SAST Clients                              41 Creating a Standalone Client                               42 Creating an Embedded Client Using Fortify Static Code Analyzer             42 Updating a Client                                     43

Creating ScanCentral SAST Sensors                            43 Creating a Sensor Using Static Code Analyzer 21.2.0                   44 Creating a ScanCentral SAST Sensor as a Service                     44 Setting the Maximum Run Time for Scans                        45 Changing Sensor Expiration Time                            46

Support for Multiple Fortify Static Code Analyzer Versions             46 Configuring Sensors to Use the Progress Command when Starting on Java        47

(Windows only) Configuring Sensors to Offload Translation for .NET Languages      48 Enabling .NET Translation Capability on Sensors                  49 Using the MSBuild ScanCentral SAST Integration                  49 Excluding .NET Projects from Analysis                      50

Fortify Static Code Analyzer Mobile Build Session Version Compatibility         50

Starting the ScanCentral SAST Components                        51 Starting the Controller                                 51 Starting ScanCentral SAST Sensors                           51 Starting Fortify Software Security Center                        52

Placing the ScanCentral SAST Controller in Maintenance Mode               52 Removing the ScanCentral SAST Controller from Maintenance Mode           53 Safely Shutting Down Sensors                             53 Stopping the Controller                                 54


Chapter 3: About Upgrading ScanCentral SAST Components                 56 Upgrading the ScanCentral SAST Controller                        56 Upgrading ScanCentral SAST Sensors                           57 Enabling and Disabling Auto-Updates of Clients and Sensors                59


Chapter 4: Submitting Scan Requests                             61



Offloading Scanning Only                                 61 Targeting a Specific Sensor Pool for a Scan Request                     61 Offloading Both Translation and Scanning                          62 Working with Go Projects                                  64 Working with Python Projects                                65 Working with Apex Projects                                67 Generating a ScanCentral SAST Package                          69 Using the PackageScanner Tool                               70 Retrieving Scan Results from the Controller                         71 Viewing Scan Request Status                                72 Viewing Client and Sensor Logs                               72 Configuring Job Cleanup Timing on Sensors                         72


Chapter 5: Working with ScanCentral SAST from Fortify Software Security Center      74 Configuring the Connection to Fortify Software Security Center             74


Chapter 6: Submitting Scan Requests and Uploading Results to Fortify Software Security Center76


Appendix A: Configuring Sensor Auto-Start                         78

Enabling Sensor Auto-Start on Windows as a Service                    78 Troubleshooting                                    79

Enabling ScanCentral Sensor Auto-Start on Windows as a Scheduled Task        79 Enabling ScanCentral Sensor Auto-Start on a Linux System              82


Appendix B: Optimizing Scan Performance                          84


Appendix C: Fortify ScanCentral SAST Command-Line Options                  85 Global Options                                         85 Status Command                                        86 Start Command                                         86 Retrieve Command                                       90 Cancel Command                                        90 Worker Command                                       90



Package Command                                       91 Arguments Command                                     93 Progress Command                                      94

94


Send Documentation Feedback                                95

Preface


Preface


Contacting Micro Focus Fortify Customer Support

Visit the Support website to:

Installation, Configuration, and Usage Guide

Configuring the Connection to Fortify Software Security Center


To integrate Fortify Software Security Center with ScanCentral SAST:

  1. Log in to Fortify Software Security Center as an administrator, and then, on the Fortify header, click ADMINISTRATION.

  2. In the left panel, select Configuration, and then select ScanCentral SAST. The ScanCentral SAST page opens.

  3. To enable the polling of Controller to retrieve scan request status, select the Enable ScanCentral SAST check box.

  4. In the ScanCentral Controller URL box, type the URL for the Controller.

  5. In the ScanCentral poll period (seconds) box, either select or type the number of seconds to elapse between ScanCentral SAST polls.

  6. In the SSC and ScanCentral Controller shared secret box, type the password for Fortify Software Security Center to use when it requests data from the Controller. (If you use clear

    text, this string must match the value stored in the Controller config.properties file for the ssc_scancentral_ctrl_secret key.


    Note: The ssc_cloudctrl_secret key is supported for backward compatibility with Fortify CloudScan.

  7. Click SAVE.

  8. Restart the Fortify Software Security Center server.


Important! You must use the same or a later version of ScanCentral SAST as the Fortify Static Code Analyzer version installed on your clients.

See Also

"Working with ScanCentral SAST from Fortify Software Security Center" on the previous page "Starting the ScanCentral SAST Components" on page 51

Chapter 6: Submitting Scan Requests and Uploading Results to Fortify Software Security Center

To submit a scan request, the results of which you want to upload to an application version in Fortify Software Security Center, use the fortifyclient tool to obtain the application version ID, and access tokens from Fortify Software Security Center. You can reuse the token for future requests. For information about how to use the fortifyclient tool, see the Micro Focus Fortify Software Security Center User Guide.


Note: The Fortify Software Security Center user account must have permission to upload scan results for the application version, and must have access to the application version on Fortify Software Security Center. A user who submits a ScanCentral SAST job for upload to a Fortify Software Security Center application version must use a token that was obtained using an account that has permission to upload scan results. If a Fortify Software Security Center user is assigned to a target application version with a view-only role, and that user requests a token and uses it to submit the job, the upload fails.

To submit a job to be uploaded to an application version:

  1. Open a command prompt, and then type the following command:


    fortifyclient.bat listApplicationVersions -url <ssc_url> -user <user> -password

    <pwd>

    Sample Output


    ID

    Name


    Version

    10

    ScanCentral

    Test

    1.0

    12

    ScanCentral

    Test

    2.0

    4

    Bill Payment

    Processor

    1.1

    3

    Logistics


    2.5

    2

    Logistics


    1.3

    8

    RWI


    2.0

    5

    RWI


    1.0

    Installation, Configuration, and Usage Guide

    Chapter 6: Submitting Scan Requests and Uploading Results to Fortify Software Security Center


  2. To generate a Controller token, run the following command:


    fortifyclient.bat token -gettoken ScanCentralCtrlToken -url <ssc_url> -user

    <user> -password <pwd>


    Authorization Token: <..scancentralCtrlToken...>

  3. To submit your job and upload your scan results to a Fortify Software Security Center application version, run one of the following commands:


    scancentral.bat -sscurl <ssc_url> -ssctoken <ScanCentralCtrlToken> start -upload -versionid 10 -b <mybuildId> -uptoken <ScanCentralCtrlToken> -scan –Xmx2G


    Note: Instead of –versionid <version id>, you can pass –-application

    <application_name> --application-version <version_name>. The

    <application_name> and <version_name> must match the values in Fortify Software Security Center. These values are case sensitive.

    Typically, the steps above are combined into a scripted flow from a build server.


    Appendix A: Configuring Sensor Auto-Start

    The following procedures are designed to provide general guidance to enable sensor auto-start and may not be appropriate in all environments. Fortify strongly recommends that you review the instructions with your system administrator and make any changes required for your environment.

    This section contains the following topics:

    Enabling Sensor Auto-Start on Windows as a Service                  78 Enabling ScanCentral Sensor Auto-Start on Windows as a Scheduled Task         79 Enabling ScanCentral Sensor Auto-Start on a Linux System                82


    Enabling Sensor Auto-Start on Windows as a Service

    Check to make sure the Controller is running before you perform the following procedure. To enable sensor auto-start on Windows as a service:

    1. Log in to the sensor machine as a local admin user.


      Note: Sensors are dedicated machines that are meant only to run Fortify Static Code Analyzer on behalf of ScanCentral SAST; they are not shared with any other service. To avoid issues associated with insufficient privileges, use a fully-privileged administrative account for the auto-start setup.

    2. Open a command prompt and navigate to the <sca_install_dir>\bin\scancentral-worker-service directory.

    3. Run the setupworkerservice.bat script with no arguments to see the usage help.

    4. Re-run the batch script with the required arguments included.

    5. Open Windows Services and check to make sure that the sensor service is present.

    6. Right-click the listed sensor service, and then select Start.

    7. Fortify recommends that you change the startup type setting to Manual until you verify that the sensor runs successfully. After verification, change the startup type setting to Automatic (Delayed Start) in Windows Services.

    8. Check to make sure that the sensor communicates with the Controller.


See Also

"Creating a ScanCentral SAST Sensor as a Service" on page 44


Troubleshooting

Review the following logs to troubleshoot issues encountered during the configuration of sensor auto-start as a Windows service:


Enabling ScanCentral Sensor Auto-Start on Windows as a Scheduled Task

  1. Log on to the sensor machine as the local admin user.


    Note: Sensors are dedicated machines that are meant only to run Fortify Static Code Analyzer on behalf of Fortify ScanCentral SAST; they are not shared with any other service. To avoid issues related to insufficient privileges, use a fully-privileged administrator account for the auto-start setup.

  2. Start the Task Scheduler.

  3. In the Actions panel, select Create Task. The Create Task window opens.

  4. On the General tab, provide the following information:

    1. In the Name box, type a name for the task.

    2. Select the Run whether user is logged on or not option.

  5. Select the Actions tab, and then click New.


    The New Action dialog box opens.


    1. From the Action list, select a program to start.

    2. In the Program/script box, type the directory path to your scancentral.bat file.

      Example: <sca_install_dir>\bin\scancentral.bat

    3. In the Add arguments (optional) box, type the following:


      –url http://<host>:<port>/scancentral-ctrl worker >taskout.txt 2>&1

    4. In the Start in (optional) box, type the path to the ScanCentral sensor bin directory.

      Example: <sca_install_dir>\bin\

    5. Click OK.

  6. Return to the Task Scheduler and select the Triggers tab.



  7. Check to make sure that the At startup trigger is enabled, and then click OK.

  8. Select the Settings tab.



  9. Make sure the Stop the task if it runs longer than check box is cleared, and then click OK.

  10. Click Save.

  11. Restart the machine.

The script output in the taskout.txt file indicates whether the sensor started successfully.

You can also start and stop the scheduled task manually from the Task Scheduler interface when logged into the machine.


Enabling ScanCentral Sensor Auto-Start on a Linux System


Note: The following procedure has been tested with Red Hat; there may be some variation for other Linux varieties. Please review these steps with your system administrator before you make any changes.

  1. Log in to the machine as “root.”

  2. Run the visudo command to edit the sudoers file and disable requiretty.


    Defaults !requiretty



    Note: You can also disable requiretty per user.

  3. Set auto-start, as follows:

    1. Verify the command invocation from the console (modify according to your install directory).


      sudo -u <username> -- <sca_install_dir>/bin/ScanCentral -url <controller_url> worker > <sca_install_dir>/bin/workerout.txt 2>&1 &

      • Add the sudo command to the end of the file (add it before the line exit 0 if it exists).

      • The ampersand (&) at the end enables the machine to boot up even if sensor startup fails or hangs.

      • The double-dash (--) is important to separate the options for sudo from the options for your service.

    2. Make the change to the startup file.


      Caution! Make sure that you do not change anything else in your bootup script.


      vi /etc/rc.d/rc.local

  4. Check the setup:

    1. Reboot and log in to the machine as “root.”

    2. To verify the processes under root, type:


      ps -x | grep java

    3. Verify that the output shows that the sensor is not started under root.

    4. To verify the processes under the user, type:


      sudo -u <username> ps x | grep java

    5. Verify that the output displays the sensor process.

    6. To verify the existence and contents of the script output file, type:


tail -f/opt/<sca_install_dir>/bin/workerout.txt


Example: tail -f/Fortify/Fortify_SCA_and_Apps_

<version>/bin/workerout.txt


Appendix B: Optimizing Scan Performance

If you plan to regularly scan large applications, Fortify recommends that you run a manual test scan on hardware that is equivalent to the hardware on which your sensor is installed.

To optimize your scan:

  1. To set the Fortify Static Code Analyzer scan parameters for optimal performance, adjust the memory settings to align with your hardware.

    For information about how to tune Fortify Static Code Analyzer, see the Micro Focus Fortify Static Code Analyzer User Guide.

  2. Run the scan.

  3. Note the size of the resulting FPR file and scan log. To ensure that the ScanCentral Controller and Fortify Software Security Center can accept FPR or log files larger than 1 GB, increase the following file size threshold:

  4. Check to make sure that your Fortify Software Security Center hardware and application startup parameters are set to process very large FPR files. For more information, see the Micro Focus Fortify Static Code Analyzer User Guide.


Appendix C: Fortify ScanCentral SAST Command-Line Options

This appendix provides information about the command-line options that you can use with Fortify ScanCentral SAST.


Global Options

This section provides information about the command-line options that you can use with Fortify ScanCentral SAST.


Global Option

Use to:

-debug

Enables debug logging on ScanCentral SAST clients and sensors. For information on how to configure the logging level on the Controller, see "Configuring the Logging Level on the Controller " on page 33.

-h <command>

or


--help <command>

Get help for the selected command. To see all command help, type -h all.

-ssctoken

<

ScanCentralCtrlToken>

Specify the Fortify Software Security Center authorization token.

-sscurl <url>

Specify the Fortify Software Security Center server URL.

-url <url>

Specify the ScanCentral SAST Controller URL.

-version

Get the product version.


Status Command

Use the status command to check the status of the Controller or a job.


Option

Description

-ctrl

Verify that the Controller is running.

-token, --job-token <token>

Specify the job token to query.


Start Command

Use the start command to start a remote scan.


Option

Description

-application, --application

<name>

Specifies the Fortify Software Security Center application name.

--application-version<id>

Specifies the Fortify Software Security Center application version ID.

-bc, --build-command

<commands>

For use with Maven, Gradle and MSBuild. Specifies custom build parameters for preparing and building a project. For example, to invoke a Gradle build before packaging:

-Prelease=true clean customTask build

If you use the -bc option, and the build fails, ScanCentral stops working on the build.

(Gradle only) If you do not use -bc, the default command, default tasks and target are invoked. If the build fails, ScanCentral displays a warning, but

continues to work and then displays a message to indicate that the build procedure failed and your results may be incomplete.

-b, --build-id <id>

Specifies the build ID of the session to export.



Option

Description

-bf, --build-file <file>

Specifies the build file, unless it has a default name such as build.gradle or pom.xml. You cannot use this option with the -scan option.

-block

Waits for the job to complete, and then downloads the result.

-bt, --build-tool <name>

Specifies the build tool name used for the project. You cannot use this option with the -scan option.

Example: -bt mvn -bc "package --setting custom.xml"

-email <address>

Specifies the email address for job status notifications.

-exclude-disabled-projects

A boolean flag. By default (without this option), all projects in the solution, disabled or enabled, are translated.


Note: This option is for the Fortify Static Code Analyzer command line, not the MSBuild command line. No environment variable is associated with this flag, but you can get the same behavior from the MSBuild integration by setting the

ScaExcludeDisabledProjects property to true on the MSBuild command line.

-f, --output-file <file>

Specifies the name for the local FPR file output.

-filter <file>

Specifies the filter file to use during a scan (repeatable).

-hv, --php-version

<version>

Specifies the PHP version.



-log, --log-file <file>

Specifies the name for the local log file output.

-mbs <file>

Specifies the mobile build session to upload.

-o, --overwrite

Overwrites the existing FPR or log with new data.

-p, --package <file>

Specifies the project package file to upload.



Option

Description

-pool, --submit-to-pool

<uuid>

Specifies the sensor pool into which a sensor is to be placed at startup.

-projroot, --project-root

<dir>

Specifies the project directory for the mobile build session export.

-projtl, --project-template

<file>

Specifies the issue template file to include.

-pyr, --python-requirements

<file>

Specifies the Python project requirements file to install and collect dependencies.

-pyv, --python-virtual-env

<directory>

Specifies the Python virtual environment location.

-q, --quiet

Prevents the printing of stdout from the build execution.

-rules <file/dir>

Specifies custom rules file or directory to use during the scan (repeatable).

-sargs, --scan-args

Fortify Static Code Analyzer scan arguments (repeatable)

Takes a single string argument. For multiple scan

arguments, use multiple -sargs options. If the scan option has a path parameter that includes a space, enclose the path with single quotes.

-scan

Sets the point beyond which all arguments are for sourceanalyzer. You cannot use this option with the

--build-tool or --package option.

-snm, --scan-node-modules

Specifies node_modules dependencies in the package.

If you set --scan-node-modules, all third-party library scan results are added to the resulting FPR.


Tip: Because including node_modules dependencies in a package does not greatly improve type resolution or dataflow, and can result in an excessive number of false positives, Fortify



Option

Description


recommends that you exclude them from scans. By default, node_modules are not applied to a package unless you apply the --scan-node-

modules option from the command line.

-skipBuild

Disables the project preparation build step before

packaging. If you use -skipBuild option, the -bc

option (if used) is ignored.

-sp, --save-package <file>

Specifies the package file to save after uploading. The file extension must be *.zip.

-t, --include-test

Includes test source set (Gradle) or test scope (Maven) to scan (for Java projects only).

-targs, --translation-args

Fortify Static Code Analyzer translation arguments (repeatable)

Takes a single string argument. For multiple translation

arguments, use multiple -targs options. If the translation option has a path parameter that includes a space, enclose the path with single quotes.

-upload, --upload-to-ssc

Uploads the FPR to Fortify Software Security Center upon completion.

-uptoken, --ssc-upload token <token>

Specifies the Fortify Software Security Center file upload token.

-version, --application-version <name>

Specifies the Fortify Software Security Center application version name.

-yv, --python-version

<version>

Specifies the Python version to automatically find the installed Python. Allowed values: 2 or 3. This flag is ignored if the ScanCentral SAST client is started under

a Python virtual environment or if -python-virtual-env is specified.


Retrieve Command

Use the retrieve command to download the result of a remote scan job.


Option

Description

-block

Wait for the job to complete and download the result.

-f, --output-file <file>

Specify the file name for local FPR output.

-log, --log-file <file>

Specify the file name for local log output.

-o, --overwrite

Overwrite the existing FPR or log with new data.

-token, --job-token <token>

Specify the job token to query.


Cancel Command

Use the cancel command to cancel a remote scan job.


Option

Description

-token, --job-token <token>

Specify the job token to query.


Worker Command

Use the worker command to start or test a sensor.


Option

Description

-hello

Sensor reporting for duty.


Package Command

Use the package command to create a zip package of the specified project.


Option

Description

-bc, --build-command <commands>

Specify custom build parameters for preparing and building a project. For example, to invoke a Gradle build before packaging:

-Prelease=true clean customTask build

If you use the -bc option, and the build fails, ScanCentral stops working on the build.

(Gradle only) If you do not use -bc, the default tasks and targets are invoked. If the build fails, ScanCentral SAST displays a

warning, but continues.

You can use this option with Maven, Gradle and MSBuild.

-bf, --build-file <file>

Specify the build file if you are not using a default name such as build.gradle or pom.xml.

-bt, --build-tool <name>

Specify the build tool name used for the project. You cannot use this option with the project.

-hv, --php-version <version>

Specify the PHP version.

-o, --output <file>

Specify the output file name. The file extension must be *.zip.

-pyr, --python-requirements <file>

Specify the Python project requirements file to install and collect dependencies.

-pyv, --python-virtual-env

<directory>

Specify the Python virtual environment location.



Option

Description

-q, --quiet

Prevent the printing of stdout from the build execution.

-snm, --scan-node-modules

Specifies node_modules dependencies in the

package. If you set --scan-node-modules, all third-party library scan results are added to the resulting FPR.


Tip: Because including node_modules dependencies in a package does not improve type resolution or dataflow results, and because they degrade translation and scan speed, Fortify recommends that you exclude them from scans. By default, node_modules are not applied to a package unless you apply the

--scan-node-modules option from the command line.

-skipBuild

Disables the project preparation build step before packaging.

-t, --include-test

Include the test source set (Gradle) or test scope (Maven) to scan (for Java projects only).

-yv, --python-version <version>

Specify the Python version to automatically find the installed Python. Allowed values: 2 or

3. This flag is ignored if the ScanCentral SAST client is started under a Python virtual

environment or if -python-virtual-env is specified.


Arguments Command

Use the arguments command to generate a settings file for additional Fortify Static Code Analyzer command-line options.


Option

Description

-o, --overwrite

Overwrite the existing arguments file.

-p, --project-dir

<directory>

Specify the project directory in which to create the Fortify Static Code Analyzer translation and scan additional arguments file.

-sargs, --scan-args

Fortify Static Code Analyzer scan arguments (repeatable)

-targs, --translation-args

Fortify Static Code Analyzer translation arguments (repeatable)


Important! The -targs and -sargs options take a single string argument. To specify multiple translation or scan arguments, use multiple -targs and (or) -sargs options. If the translation or scan option has a path parameter that includes a space, enclose the path in single quotes.

Example: The following generates a fortify-sca.settings file in the current directory.


scancentral.bat arguments -o -targs "-Xmx4G" -targs "-cp 'myProject Dir/path to/lib/*.jar'" -targs "-exclude 'myProject Dir/path to/src/*.js'" -sargs "-Xms256M" -sargs "-analyzers controlflow,dataflow"

The resulting fortify-sca.settings file looks similar to the following:


{

"translationArgs": [ "-Xmx4G",

"-cp",

"myProject Dir/path to/lib/*.jar", "-exclude",

"myProject Dir/path to/src/*.jar"

],

"scanArgs": [

"-Xms256M",


"-analyzers", "controlflow,dataflow"

]


}


Progress Command

Use the progress command to get the progress of a Fortify Static Code Analyzer scan.


Important! If your projects are based on Java 11, and you want to use the progress command to check the progress of your scans, some minor sensor configuration is required. For instructions, see "Configuring Sensors to Use the Progress Command when Starting on Java" on page 47.

Send Documentation Feedback

If you have comments about this document, you can contact the documentation team by email.


Note: If you are experiencing a technical issue with our product, do not email the documentation team. Instead, contact Micro Focus Fortify Customer Support at https://www.microfocus.com/support so they can assist you.

If an email client is configured on this computer, click the link above to contact the documentation team and an email window opens with the following information in the subject line:

Feedback on Installation, Configuration, and Usage Guide (Fortify ScanCentral SAST 21.2.0)

Just add your feedback to the email and click send.

If no email client is available, copy the information above to a new message in a web mail client, and send your feedback to fortifydocteam@microfocus.com.

We appreciate your feedback!