Set up the Fortify connector

Fortify On Demand is a cloud-based application security solution that provides automated and manual testing for vulnerabilities in software, offering tools like SAST, DAST, SCA, and MAST to ensure secure development at scale.

By integrating Fortify On Demand, Veracode Risk Manager (VRM) leverages its insights to recommend the best next actions for security teams, ensuring seamless alignment with their broader tool stack and promoting a unified, strategic approach to security management.

Generate API and secret keys

Fortify On Demand provides a REST API that allows you to programmatically access your Fortify On Demand data. To connect the Fortify connector in VRM, you must generate an API key and secret key.

Prerequisites:

You must have a Fortify On Demand account with the Security Lead user role.

To complete this task:

  1. Log in to the Fortify On Demand platform.

  2. From the top navigation bar, select Administration.

  3. From the left navigation menu, select Settings.

  4. Select the API tab.

  5. Select Add Key.

  6. For Name, enter Longbow.

  7. For Role, select Read Only.

  8. Set Authorize app to use API to Yes.

  9. Select Save.

  10. Copy the secret key to a secure location. You will not be able to view it again after you close the window.

  11. Select Close.

  12. On the API tab of the Settings page, copy the API Key value to a secure location.

    You will need both the API key and the secret key to create the VRM connector.

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon.
  2. Select Add Connector.
  3. Select the Fortify tile.
  4. Enter a name for the connector.
  5. For Base URL, enter the appropriate URL for your Fortify On Demand deployment:
    • North America: https://api.ams.fortify.com
    • Europe: https://api.emea.fortify.com
    • Asia-Pacific (APAC): https://api.apac.fortify.com
  6. For Client ID, enter the API key you copied from the Fortify On Demand platform.
  7. For Client Secret, enter the secret key you copied from the Fortify On Demand platform.
  8. Select Add Connector.
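
An added pre-flight check, not part of Veracode's or Fortify's documentation: it confirms that the Base URL is exactly one of the three regional endpoints listed above before any secret is sent, then requests a token with the API key and secret key. The `/oauth/token` path, the `api-tenant` scope, and the function names are assumptions to confirm against the Fortify On Demand API documentation.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Regional base URLs exactly as listed in step 5 above.
FOD_BASE_URLS = (
    "https://api.ams.fortify.com",   # North America
    "https://api.emea.fortify.com",  # Europe
    "https://api.apac.fortify.com",  # Asia-Pacific (APAC)
)
# Assumptions, not stated on this page: token endpoint path and scope name.
TOKEN_PATH, TOKEN_SCOPE = "/oauth/token", "api-tenant"


def normalize_base_url(raw):
    """Return the canonical base URL, or raise ValueError if it is not a listed region."""
    parts = urllib.parse.urlsplit(raw.strip())
    if parts.scheme != "https":
        raise ValueError("Base URL must use https")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("Base URL must not carry userinfo, a query or a fragment")
    if parts.path not in ("", "/") or parts.port not in (None, 443):
        raise ValueError("Base URL must be the bare host, with no path or custom port")
    candidate = "https://" + (parts.hostname or "").lower()
    if candidate not in FOD_BASE_URLS:
        raise ValueError(f"{raw!r} is not a listed Fortify On Demand endpoint")
    return candidate


def build_token_request(base_url, client_id, client_secret):
    """Build (without sending) the client-credentials token request."""
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "scope": TOKEN_SCOPE,
        "client_id": client_id,          # API key
        "client_secret": client_secret,  # secret key
    }).encode()
    url = normalize_base_url(base_url) + TOKEN_PATH
    return urllib.request.Request(url, data=body, method="POST")


def credentials_work(base_url, client_id, client_secret, timeout=15):
    """Send the token request; True only if the API returns an access token."""
    req = build_token_request(base_url, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return "access_token" in json.load(resp)
    except urllib.error.HTTPError:
        return False
```

Supply the key and secret from environment variables or a secrets manager rather than as command-line arguments, so they stay out of shell history and process listings.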

Validate your data

After you connect the Fortify connector in VRM, it takes some time for VRM to fetch the findings.

After the connector has completed the fetch, validate that VRM correctly ingested the data.

  1. In VRM, select Findings from the left navigation menu.
  2. Select the Findings Source filter and select Fortify.

The Findings table lists the Fortify vulnerability findings.