Fortify Architecture


Could anyone share the fortify architecture and its components design




  • Not sure if this answers your questions or not but here's how mine is.

    Fortify SSC is a WAR file which I have deployed to Tomcat 8.0.  The SSC server connects to a SQL Server DB.

    Fortify SCA is installed on a Jenkins server which is responsible for scanning code using the sourceanalyzer executable  Scan results are bundled into a FPR file and uploaded to the Fortify SSC server using the Fortify Jenkins Plugin.

    When you install Fortify SCA, it installs not only the sourceanalyzer executable but also Audit Workbench, Rules Editor, Process Designer, Scan Wizard, and Developer IDE plugins.