Suggested Reading: What is a Scenario?
Fortify-on-Demand is a commercial tool and therefore a valid license is necessary to activate its Scenario.
Tool Specific Permissions
Before proceeding with the following steps, refer to the article Obtaining Fortify-on-Demand API Key for details you will need in some of the steps.
Obtaining Your FoD Owner ID
To set up orchestrated SAST scans via the ZeroNorth platform for Fortify-on-Demand, you will need to provide the Owner ID value. To obtain this value:
- Navigate to the FoD API at https://api.ams.fortify.com/swagger/ui/index.
- Click on the blue Authenticate button near the top of the page, and then provide your credentials to authenticate to the web API.
- Scroll down on the page to the Users section. Click on the label Users to expand that section.
- Click on the label /api/v3/users to expand that section.
- Click on the Try it out! button at the bottom of the expanded section.
The API will return a JSON message in the Response Body. Within this JSON message, look for an entry for your user name. The Owner ID needed for the Scenario activation is the value of the “userId” attribute.
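The lookup described above can also be done on a saved copy of the Response Body rather than by reading the JSON by eye. The following is an added example, not part of the original article or of the ZeroNorth or Fortify code; the sample response is constructed, and the "items" wrapper and "userName" key are assumptions (only "userId" is named in the steps above).

```python
import json

# Constructed sample of a /api/v3/users Response Body. The "items" wrapper and
# the "userName" key are assumptions; adjust name_key to match your response.
SAMPLE_RESPONSE = """
{
  "items": [
    {"userId": 10001, "userName": "alice.example", "email": "alice@example.test"},
    {"userId": 10002, "userName": "bob.example", "email": "bob@example.test"}
  ],
  "totalCount": 2
}
"""


def find_owner_id(response_body, user_name, name_key="userName"):
    """Return the userId of the single entry whose user name matches."""
    data = json.loads(response_body)
    # Accept either a bare list of users or a wrapper object holding "items".
    entries = data.get("items", []) if isinstance(data, dict) else data
    wanted = user_name.strip().casefold()
    matches = [
        entry for entry in entries
        if isinstance(entry, dict)
        and str(entry.get(name_key, "")).strip().casefold() == wanted
    ]
    # Refuse to guess: a wrong Owner ID would tie the Scenario to another user.
    if not matches:
        raise LookupError(f"no entry for user name {user_name!r}")
    if len(matches) > 1:
        raise LookupError(f"{len(matches)} entries match {user_name!r}")
    owner_id = matches[0].get("userId")
    if owner_id is None:
        raise ValueError("matched entry has no userId attribute")
    return owner_id


if __name__ == "__main__":
    # User names are compared case-insensitively.
    print(find_owner_id(SAMPLE_RESPONSE, "Alice.Example"))
```

The response lists every user in the tenant, so delete the saved copy once you have the Owner ID.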
Activate the “Fortify-on-Demand” Scenario
- Log in to the web UI and then go to znADM > Scenarios.
- Locate the Fortify-on-Demand Scenario tile.
- Click on the +Add Scenario button to the bottom right of the tile.
- Select Scenario Configuration, which can be either “fortifyondemand-sast” or “fortifyondemand-dast”.
Items in bold are required.
- Name (see our Scenario Name Recommendations)
- Select the Data Center that hosts your Fortify-on-Demand account.
- Enter your Fortify-on-Demand Client Id (known as “API KEY” in FoD).
- Enter your Fortify-on-Demand Client Secret (known as “Secret” in FoD).
- Enter your Owner Id. See previous instructions for obtaining your Owner Id.
- The Scenario will become available as a drop-down option when creating a Policy.
- The Scenario tile will change from “inactive” to “active”.