Requirements to execute Fortify scan in Jenkins CI build pipeline


I need to execute Fortify scan in Jenkins as part of continuous integration build pipeline.  Code is mostly Java or  Javascript.  Currently Jenkins 2.114 is installed on a Linux VM and Fortify SSC 17.20 is installed on a separate Linux VM.   In order to execute Fortify SCA scan in Jenkins and upload the results to SSC do I need to install SCA on the same VM as Jenkins or can it be installed on the same VM as SSC ?  Please let me know. 




  • You need to have SCA installed on the machine where Jenkins will run the builds. For simple Jenkins setups, that's on the same machine where Jenkins itself (the Java webapp) is running, but if you are using master/agent  "distributed builds", you'll need to make sure SCA is available on the agent where the build (and your script calling sourceanalyzer) will actually run. 

    SSC does not do sccans, and I wouldn't recommend having SCA scans running on the same machine where you have SSC deployed either.


    Fortify L3 support engineer

  • What's the way to setup my javascript project to be able to run fortify scan as a part of jenkins and upload results in SSC?

Reply Children
No Data