Fortify CloudScan Error
I am in the process of setting up cloudscan. I created the controler using a secret rather than a hard coded password. I also created a sensor using a secret for the worker as well.
Everything was working fine from what I can tell until I tried to set up SSC. When I copied the secret from the config.properties on the controller and put it in SSC I began getting errros about not being to decode the secret. I opened a ticket with support and they asked me to run some DB updates. After I did that it still doesn't work but now I'm getting SSC errors all the time, looking at the ssc.log I see the below error. Anyone run into this on SSC 16.20
[ERROR] com.fortify.manager.service.cloudscan.CloudCtrlSyncServiceImpl - Failed to retrieve updates from CloudScan controller at http://<server name>:8080/cloud-ctrl (IllegalArgumentException - Base64 encoded data must have a length that is a multiple of 4)
DB Commands support had me run:
1. The cloud controller address -- I used the address from the case description, but please double check it for accuracy before applying:
UPDATE configproperty SET propertyValue = 'http://<address>:8080/cloud-ctrl' WHERE propertyName = 'cloud.ctrl.url';
2. The cloud scan shared secret -- please replace the <SECRET> placeholder below with the secret you have defined in the controller:
UPDATE configproperty SET propertyValue = '<SECRET>' WHERE propertyName = 'ssc.cloud.ctrl.secret';
3. To enable the polling:
UPDATE configproperty SET propertyValue = 'true' WHERE propertyName = 'cloud.ctrl.poll.enabled';
Re: Fortify CloudScan Error
Support solved my issue.
When setting up cloudscan with SSC, SSC asks to input the "SSC and CloudScan controller shared secret" it wants the actual password for the controller not the secret that is created with pwtool. When I input the secret from the config.properties file I was getting an error about not being able to decode the secret. After initially talking to support she had me manually update the database with the secret. This caused even more issues since when you input the password on the GUI it is base64 encoded and stored in the database. By storing an already base64 encoded value in the DB it's creating more issues. Hopefully this is helpfu to someone. The documentation is pretty sketchy in my opinion.