canerce/opentext-sast-installer
OpenText Static Application Security Testing (SAST) Installer 🛡️

A comprehensive setup and deployment solution for OpenText Fortify Static Application Security Testing (SAST) - formerly Fortify SCA - with support for both standalone installation and ScanCentral SAST Sensor deployment.

🎯 Overview

This project provides automated setup and deployment scripts for OpenText Fortify SAST, enabling organizations to quickly deploy and configure static application security testing capabilities. It supports multiple deployment modes including standalone installation and ScanCentral SAST Sensor worker deployment.

✨ Features

  • Automated Installation: Streamlined setup process for Fortify SAST
  • Multiple Deployment Modes:
    • Standalone SAST installation
    • ScanCentral SAST Sensor worker installation
    • Docker container deployment
  • Certificate Management: Automatic certificate import and keystore configuration
  • Systemd Service Integration: Automatic service creation for worker mode
  • Docker Support: Containerized deployment with resource limits
  • Post-Installation Configuration: Automated rulepack updates and configuration

🔧 Prerequisites

System Requirements

  • OS: Ubuntu 20.04+ or compatible Linux distribution
  • Architecture: x86_64
  • Memory: Minimum 4GB RAM (8GB recommended)
  • Storage: At least 10GB free disk space
  • Network: Internet access for downloads and updates

Software Requirements

  • Docker: Docker Engine 20.10+ (for containerized deployment)
  • Docker Compose: Version 2.0+ (for orchestrated deployment)

Required Files

Before running the setup, ensure you have the following files in place:

sca/
├── cert/                    # SSL certificates (*.crt files)
├── download/                # Fortify SAST installation archive
│   └── OpenText_SAST_Fortify_Linux_25.2.0.tar.gz
├── env/                     # Environment configuration
│   ├── fortify.license      # Fortify license file
│   ├── fortify.sh           # Worker script
│   └── sast-post-install.sh # Post-installation script
└── docker/                  # Docker configuration files

🚀 Installation

1. Clone the Repository

git clone <repository-url>
cd sca

2. Prepare Required Files

Place your Fortify SAST installation archive in the download/ directory:

# Example: Copy your Fortify SAST archive
cp /path/to/OpenText_SAST_Fortify_Linux_25.2.0.tar.gz download/

Add your SSL certificates to the cert/ directory:

# Example: Copy SSL certificates
cp /path/to/your/certificates/*.crt cert/

Configure your license and environment files in the env/ directory:

# Copy your Fortify license
cp /path/to/fortify.license env/

3. Make Setup Script Executable

chmod +x setup.sh

4. Run Installation

Standalone SAST Installation

sudo ./setup.sh

ScanCentral SAST Sensor Worker Installation

sudo ./setup.sh worker

Docker Image Preparation

sudo ./setup.sh docker

📖 Usage

Standalone Mode

After installation, Fortify SAST will be available at /opt/fortify/:

# Run a scan
/opt/fortify/bin/sourceanalyzer -b myproject -scan

# Update rulepacks
/opt/fortify/bin/fortifyupdate -acceptKey -acceptSSLCertificate

Worker Mode

The worker service will be automatically started and enabled:

# Check service status
sudo systemctl status fortify

# View logs
sudo journalctl -u fortify -f

# Restart service
sudo systemctl restart fortify

Docker Deployment

Using Docker Compose

  1. Navigate to the docker directory:
cd docker
  2. Set environment variables (optional; if unset, the defaults listed under Configuration apply):
export SSC_URL="https://your-fortify-server.com"
export SCANCENTRAL_URL="https://your-scancentral-server.com/scancentral-ctrl"
export CLIENT_AUTH_TOKEN="your-client-token"
export WORKER_AUTH_TOKEN="your-worker-token"
  3. Start the container:
docker-compose up -d

Manual Docker Build

# Build the image
docker build -f docker/Dockerfile.sast -t fortify-sast .

# Run the container
docker run -d \
  --name fortify-sast-worker \
  -e SSC_URL=https://your-fortify-server.com \
  -e SCANCENTRAL_URL=https://your-scancentral-server.com/scancentral-ctrl \
  fortify-sast

⚙️ Configuration

Environment Variables

| Variable | Description | Default |
|---|---|---|
| SSC_URL | Fortify SSC server URL | https://fortify.example.local |
| SCANCENTRAL_URL | ScanCentral controller URL | https://scancentral.example.local/scancentral-ctrl |
| CLIENT_AUTH_TOKEN | Client authentication token | 67dcd21e-0414-401d-bf04-4aa54da3e0b4 |
| WORKER_AUTH_TOKEN | Worker authentication token | 67dcd21e-0414-401d-bf04-4aa54da3e0b4 |
| SCA_DIR | Fortify installation directory | /opt/fortify |
| PWTOOL_KEYS_FILE | Password tool keys file | pwtool.key |
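A pre-flight check you can run before `setup.sh`, written here as an added example rather than code from this project: it verifies the layout from the Required Files section and, for worker or docker mode, refuses to proceed while `CLIENT_AUTH_TOKEN` or `WORKER_AUTH_TOKEN` is unset or still equal to the placeholder default from the table above. The archive glob and the `preflight`/`token_is_default` function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the project's setup.sh.
# Checks the required files are present and that the ScanCentral tokens were
# not left at the placeholder default documented in the configuration table.

# Placeholder token value from the README's defaults table.
DEFAULT_TOKEN="67dcd21e-0414-401d-bf04-4aa54da3e0b4"

# Return 0 (true) if the value is empty or equals the placeholder default.
token_is_default() {
    [ -z "$1" ] || [ "$1" = "$DEFAULT_TOKEN" ]
}

# preflight <root dir> [<mode>]: verify download/, env/ and cert/ under <root>
# and, for any mode other than "standalone", that both tokens are set to
# real values. Prints each problem; the return code is the problem count.
preflight() {
    root="${1:-.}"; mode="${2:-standalone}"; problems=0
    # Assumed: the installer accepts any 25.x-style archive matching this glob.
    set -- "$root"/download/OpenText_SAST_Fortify_Linux_*.tar.gz
    [ -e "$1" ] || { echo "missing: $root/download/OpenText_SAST_Fortify_Linux_*.tar.gz"; problems=$((problems+1)); }
    [ -f "$root/env/fortify.license" ] || { echo "missing: $root/env/fortify.license"; problems=$((problems+1)); }
    set -- "$root"/cert/*.crt
    [ -e "$1" ] || { echo "missing: no *.crt files in $root/cert/"; problems=$((problems+1)); }
    if [ "$mode" != "standalone" ]; then
        for name in CLIENT_AUTH_TOKEN WORKER_AUTH_TOKEN; do
            eval "val=\$$name"
            if token_is_default "$val"; then
                echo "$name is unset or still the placeholder default"
                problems=$((problems+1))
            fi
        done
    fi
    return $problems
}
```

Run it as `preflight . worker` from the repository root before `sudo ./setup.sh worker`; a non-zero exit means at least one item above needs attention.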

Installation Directories

  • Fortify Home: /data/fortify
  • Installation Directory: /opt/fortify
  • Service Script: /usr/local/sbin/fortify.sh
  • Systemd Service: /etc/systemd/system/fortify.service

📁 Project Structure

sca/
├── cert/                    # SSL certificates for secure connections
├── docker/                  # Docker configuration files
│   ├── docker-compose.yaml  # Docker Compose configuration
│   ├── Dockerfile.sast      # Docker image definition
│   └── fortify-sast.sh      # Container entry point script
├── download/                # Fortify SAST installation archives
├── env/                     # Environment configuration files
│   ├── fortify.license      # Fortify license file
│   ├── fortify.sh           # Worker script template
│   └── sast-post-install.sh # Post-installation configuration
├── setup.sh                 # Main installation script
└── README.md                # This file

🔍 Troubleshooting

Common Issues

Certificate Import Failures

# Check if certificates exist
ls -la cert/*.crt

# Verify Java installation
java -version

# Manual certificate import
sudo keytool -importcert -noprompt -trustcacerts -alias your-cert -file cert/your-cert.crt -cacerts -storepass changeit
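The manual import above handles one certificate at a time. The following is an added example, not the project's own certificate-management code, that imports every `*.crt` in the `cert/` directory into the JVM default truststore with one alias per file, skips aliases already present so re-runs are idempotent, and verifies each import with `keytool -list`. It assumes `keytool` is on `PATH` and the default `changeit` store password used above; `cert_alias` and `import_certs` are names chosen for this example.

```shell
#!/bin/sh
# Added example, not part of the project's setup.sh.
# Bulk-import cert/*.crt into the JVM default truststore (-cacerts) and verify.

# Derive a keytool alias from a certificate path: basename without .crt,
# lowercased, with any character outside [a-z0-9._-] replaced by '-'.
cert_alias() {
    basename "$1" .crt | tr 'A-Z' 'a-z' | tr -c 'a-z0-9._\n-' '-'
}

# import_certs [<dir>]: import every *.crt in <dir> (default: cert/).
# Returns 1 if keytool is missing or no certificates are found,
# 2 if any import or post-import verification failed, 0 otherwise.
import_certs() {
    dir="${1:-cert}"
    command -v keytool >/dev/null 2>&1 || { echo "keytool not found on PATH" >&2; return 1; }
    set -- "$dir"/*.crt
    [ -e "$1" ] || { echo "no .crt files in $dir" >&2; return 1; }
    rc=0
    for crt in "$@"; do
        alias=$(cert_alias "$crt")
        # Skip aliases already in the truststore so repeated runs are harmless.
        if keytool -list -cacerts -storepass changeit -alias "$alias" >/dev/null 2>&1; then
            echo "skip $crt (alias $alias already present)"
            continue
        fi
        if keytool -importcert -noprompt -trustcacerts -alias "$alias" \
                -file "$crt" -cacerts -storepass changeit >/dev/null 2>&1 \
           && keytool -list -cacerts -storepass changeit -alias "$alias" >/dev/null 2>&1; then
            echo "imported $crt as $alias"
        else
            echo "FAILED to import $crt" >&2; rc=2
        fi
    done
    return $rc
}
```

Writing to `-cacerts` needs the same privileges as the manual command, so run it as `sudo sh -c '. ./import-certs.sh; import_certs cert'` or equivalent.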

Service Startup Issues

# Check service logs
sudo journalctl -u fortify -n 50

# Verify service configuration
sudo systemctl cat fortify

# Test worker script manually
sudo /usr/local/sbin/fortify.sh

Docker Container Issues

# Check container logs
docker logs sast-worker

# Verify environment variables
docker exec sast-worker env | grep -E "(SSC|SCANCENTRAL|AUTH_TOKEN)"

# Restart container
docker-compose restart

Log Locations

  • Systemd Service Logs: journalctl -u fortify
  • Worker Output: /opt/fortify/bin/workerout.txt
  • Docker Logs: docker logs sast-worker

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Development Guidelines

  • Follow shell scripting best practices
  • Add proper error handling and logging
  • Test on multiple Linux distributions
  • Update documentation for new features

📄 License

This project is proprietary software. All rights reserved - see the LICENSE file for details.

📞 Support

For support and questions:

  • Documentation: Check this README and inline script comments
  • Issues: Create an issue in the repository
  • Enterprise Support: Contact your OpenText Fortify representative

Note: This project requires valid OpenText Fortify licenses and proper network access to Fortify SSC and ScanCentral servers. Ensure compliance with your organization's security policies before deployment.
