Error: Uploading an older SCA fpr than the previous SCA fpr in Fortify SSC

I wanted to see how SSC handles different versions of SCA. I uploaded a project's fpr file scanned on SCA v17.10 and then uploaded a fpr generated by SCA v4.10 to SSC (same project). The error you get is: 


Exception: The SCA engine version of the uploaded scan (6.21.0005) is older than the most recent SCA engine version for this project version (17.10.0156). Please download the current project file. Open the FPR that you intended to upload in Audit Workbench and migrate it to the downloaded FPR. Save the FPR and upload it again.

I don't really understand what "migrate it to the downloaded FPR". Can someone tell me the steps I need to take to fix this problem? Thank you.

  • Good day cdelucia1,

     

    The SSC RULE

    1. You SSC Version  Instance should be the most current version. 

    Do not create SCA 18.20 FPRs and try to load to SSC Version 4.x. 16.x or 17.x

    2. If you load a project with a series of FPR's the must be done in Version Sequence.

        NOTE: SCAN 6.21.0004 is SCA 4.21 (old number schema) 'Very old'

      Example 1:

    You can load 4.21 then 17.10, but you can 'not' load in reverse.  17.10 then 4.21

     Example 2:  you can load 17.10 and then 18.10 and then 18 20,  but the Project will not accept 17.10 and 18.10 after the last 18.20 upload.  The project is locked at 18.20.   If the next FPR is 19.10. The project will be locked at 19.10 after upload.  Now 18.20 is locked out.

    Best, Paul

  • OK Please explain this better.

    I currently use SSC 18.2; but need to update SCA to 20.1 because now I need to scan NET Core 3.0. 

    Can I just update SCA to 20.1 and continue using SSC 18.2 ?

    Saying becasue I have reports that I am not sure but might be removed by SSC 20.1 and I need to keep using.

    The documentation for 20.1 says  The following reports will be removed in SSC 20.2.0: DISA STIG 3.x, SSA Application, SSA Portfolio  I currently use reports defined under groups "SSA Aplication Reports" and "SSA Portfolio Reports". IS there a specific report with the name "SSA Application" or does it refer to all reports under "SSA Aplication Reports". It is confusing.

    Your help will be appreciated.