Requirements to execute Fortify scan in Jenkins CI build pipeline
Re: Requirements to execute Fortify scan in Jenkins CI build pipeline
You need to have SCA installed on the machine where Jenkins will run the builds. For simple Jenkins setups, that's on the same machine where Jenkins itself (the Java webapp) is running, but if you are using master/agent "distributed builds", you'll need to make sure SCA is available on the agent where the build (and your script calling sourceanalyzer) will actually run.
SSC does not do sccans, and I wouldn't recommend having SCA scans running on the same machine where you have SSC deployed either.
Fortify L3 support engineer