I want to perform SCA analysis on my source code. By following some tutorials, I learned that we need a setup like the one below:
- SSC (Software Security Center)
- Scan Central SAST Controller
- Sensor
- SCA Client
However, the trial version for Software Security Center is not available. The only possible way I found is Fortify On-Demand.
I understand that Fortify On-Demand is the cloud version of Software Security Center.
I am going to do a POC on Fortify SCA. Please provide me with solutions for the following questions:
- Are there any differences between Fortify On-Demand and SSC (or on-premise version)? If yes, what are they?
- In SSC, we configure all the mentioned components (Scan Central SAST Controller, SCA Client, Sensors). How do I set this up in the Fortify On-Demand version?
- What is fcli?