HP Fortify Software Security Center v3.60 System Requirements
HP Fortify Software Security Center v3.60 System Requirements
HP Fortify Software Security Center v3.60 System Requirements
60
System Requirements
Part Number: 1-184-2012-09-360-01
The HP Fortify Technical Communications team strives to provide the most comprehensive and accurate
documentation possible. To ensure that your documents are up to date, visit the HP Software Product Manuals site
at http://support.openview.hp.com/selfsolve/manuals.
Databases
HP Fortify Software Security Center supports the following databases in a production environment:
Databases
Character Sets
Drivers
MS SQL Server 2005 or
SQL_Latin1_General_
JTDS (Recommended)
2008 (recommended)
CP1_CI_AS, Unicode
JDBC 3.0 Type 4 driver for Microsoft SQL
Server version 1.2.2
Driver class:
net.sourceeforge.jtds.jdbc.Driver
Jar file: jtds-1.2.2.jar
UTF8, Latin1
UTF8, IBM-1252
Microsoft
Microsoft SQL Server JDBC Driver 2.0
Type 4
Driver class:
com.microsoft.sqlserver.jdbc.SQLServerDr
iver
Jar files:
sqljdbc4.jar (Java 6)
sqljdbc.jar (Java 5)
MySQL Connector/J 5.1 or 5.1.11
Driver class:
com.mysql.jdbc.driver
Jar file:
mysql-connector-java<Version_Number>-bin.jar
Oracle Database 11g Release 1
(11.1.0.7.0) JDBC Drivers
Driver class: oracle.jdbc.OracleDriver
Jar files:
jdbc6.jar (Java 6)
jdbc5.jar (Java 5)
Note: IBM DB2 drivers also require that
you add at least one of the following
driver license files to the CLASSPATH
before loading the JDBC driver and
seeding your database.
db2jcc_license_cisuz.jar
db2jcc_license_cu.jar
Databases
Character Sets
Drivers
evaluation purposes only. This database cannot be expanded or upgraded. Do not use it to store critical
data.
Database Disk Space
Use the following formula to estimate the size (in GB) of the HP Fortify Software Security Center database disk
space:
DB_Space (GB) =
where:
<TotalIssues> = Total number of issues in the system
<TotalArtifacts> = Total size of all uploaded artifacts and scan results
Notes: This equation produces only a rough estimate for the allocation of database disk space. The formula is not
intended for use in estimating disk space requirements for long term projects. The disk requirements for the HP
Fortify Software Security Center databases grow in proportion to the number of projects, scans, and issues in the
system.
Browsers
HP Fortify Software Security Center requires Flash Player version 10.2 or later. For the best experience, we
recommend that you use one of the following browsers with a minimum resolution of 1280x1024:
Browser
Flash Plugin
Firefox
Flash Player 11 (recommended)
Internet Explorer
Flash Player 11 (recommended)
Safari
Flash Player 11 (recommended)
Chrome
Flash Player 11 (recommended)
JAWS (See HP Fortify Assistive
Flash Player 11 (recommended)
Technologies Section 508)
Authentication Systems
Windows Active Directory Service
LDAP
Service Integrations
HP Fortify Software Security Center supports the following service integrations:
Service
Applications
Versions
Bug Creation
Bugzilla
3.0
HP ALM
11
JIRA
4.0
Authentication
CA SiteMinder
12
Active Directory
2003, 2008
Issue Import
AppDetective
6.0
AppScan
Dynamic Assessments
Notes:
ALM 11 changeset mapping is only supported in conjunction with VisualSVN.
Importing third-party issues may lose some functionality of the third-party format
Documentation
The documents listed in the following table apply to HP Fortify Software Security Center:
Document Name
PDF
HTML Help
HP Fortify Software
HP_Fortify_SSC_User_Guide_3.60.pdf
HP Fortify Software
Security Center User
Security Center Help
Guide
HP Fortify Software
N/A
Within the web
Security Center Process
application at
Guide
/ssc/guide/
HP Fortify Software
HP_Fortify_SSC_Installation_and_
HP Fortify Software
Security Center
Configuration_Guide_3.60.pdf
Security Center
Installation and
Installation and
Configuration Guide
Configuration Help
HP Fortify Software
HP_Fortify_Real_Time_Hybrid_Analysis_U
N/A
Security Center Real-Time
ser_Guide_3.60.pdf
Hybrid Analysis User
Guide
x86: 32-bit or
64-bit (recommended)
Mac OS
Solaris
x86
SPARC
x86
Itanium
HP-UX
Versions
Red Hat ES 4, ES5
Novell SUSE 10, Oracle EL 5.2
2003 SP1, 2008, XP,
Vista Business, Vista Ultimate,
Windows 7
10.6, 10.7
10
10
11.31
Notes:
Audit Workbench, Process Designer, Custom Rules Editor, and Scan Wizard are not supported on HP-UX, and
Oracle Solaris.
SCA has not been tested on all Linux variants, but most distributions are not known to cause issues.
SCA has been supported on other platforms in the past. If the operating system that you require is not in the
table above, please contact HP Fortify support for more information.
Languages
SCA supports the programming languages listed in the following table:
Language
Versions
ABAP/BSP
6
ActionScript/MXML (Flex)
3, 4
ASP.NET, VB.NET, C#
1.1, 2.0, 3.0, 3.5, 4.0
(.NET)
C/C++
See Compilers on page 6.
Classic ASP (with VBScript)
2, 3
COBOL
IBM Enterprise Cobol for z/OS 3.4.1 with IMS, DB2, CICS, MQ
CFML
5, 7, 8
HTML
4 and earlier
Java
1.3, 1.4, 1.5, 1.6, 1.7
JavaScript/AJAX
1.7
JSP
1.2, 2.1
Objective-C
See Compilers on page 6.
PHP
5.0 5.2
PL/SQL
8.1.6
Python
2.6
T-SQL
SQL Server 2005 and 2008
Visual Basic
6
VBScript
2.0, 5.0
XML
1.0
Note: iOS projects compiled using Objective-C require 4.3 or 4.5 of the iOS SDK.
MOFFETT TOWERS, 1140 ENTERPRISE WAY, SUNNYVALE, CA94089 USA P 650.735.2215
Build Tools
SCA supports the build tools listed in the following table:
Build Tool
Versions
Ant
1.5.x, 1.6.x, 1.7.x, 1.8.x
Maven
2.0.9 to 2.x.x
MSBuild
2, 3.5, 4
Xcodebuild
4.1, 4.2, 4.2.1, 4.3
Compilers
SCA supports the compilers listed in the following table:
Compilers
Operating Systems
Clang 2.9, 3.0
Mac OS
LLVM-GCC 4.2, 4.3
Mac OS
GNU gcc 2.9 4
Linux, HP-UX, Mac OS, Solaris, Windows
GNU g++ 3 4
Linux, HP-UX, Mac OS, Solaris, Windows
Intel icc 8.0
Linux
Microsoft cl 12.x 13.x
Windows
Sun cc / Sun CC 5.9, 5.10, 5.11
Solaris
Sun javac 1.3 1.6
Linux, HP-UX, Mac OS, Solaris, Windows
Integrated Development Environments
SCA supports the following integrated development environments:
Auditing and Scanning Plugins
Remediation Plugins (audit-only)
Eclipse 3.3, 3.4, 3.5, 3.6, 3.7
JDeveloper 10.1.3, 11.1.1
RAD 7, 7.5, 8.0, 8.5; RSA 7, 7.5, 8.0
IntelliJ 10, 11
JBuilder 2008 R2
Microsoft Visual Studio 2010
Microsoft Visual Studio 2003 (scanning only)
Microsoft Visual Studio 2005, 2008, 2010
Note: The HP Fortify Software Security Center Plugin for Eclipse requires JRE 1.5 or greater.
HP Fortify Build Monitor
HP Fortify Build Monitor supports the following Windows platforms and architectures:
Operating System
Architectures
Versions
Windows
x86: 32-bit and 64-bit
2003 SP1, 2008, XP
Windows
x86: 32-bit
2000
Note: Build Monitor is not supported on Windows Vista or later.
Service Integrations
HP Fortify Audit Workbench and Secure Code Plugins (SCP) support the following service integrations:
Service
Applications
Versions
Supported Tools
Bug Creation
Bugzilla
3.0
Audit Workbench,
Visual Studio SCP, Eclipse
SCP
HP Quality Center
9.2, 10.0
Audit Workbench,
Eclipse SCP
Microsoft Team
2005, 2008, 2010
Visual Studio SCP
Foundation Server
Software Security Center
3.60
Audit Workbench,
Bugtracker
Eclipse SCP
Issue Import
AppDetective
6.0
Issue Import
MOFFETT TOWERS, 1140 ENTERPRISE WAY, SUNNYVALE, CA94089 USA P 650.735.2215
Service
Applications
Versions
Supported Tools
AppScan
7.7, 7.9, 8.0
For compatibility with HP Fortify SSC, HP WebInspect, and HP AMP, see the HP
Fortify 3.60 Compatibility Matrix on page 15.
Notes:
HP Quality Center integration requires that you install the HPQC Client-Side Add-in software.
Team Foundation Server integration requires that you install the Visual Studio Team Explorer software. When
integrating with TFS 2010, Visual Studio SCP must be installed on a machine running Visual Studio 2010.
Documentation
The documents listed in the following table apply to HP Fortify Static Code Analyzer:
Document Name
PDF
HTML Help
HP Fortify Audit
HP_Fortify_Audit_Workbench_User_Guide_
HP Fortify Audit
Workbench User Guide
3.60.pdf
Workbench User Guide
Help
HP Fortify Eclipse
HP_Fortify_Eclipse_Plugin_Guide_3.60.pdf
HP Fortify Eclipse
Plugin Guide
Plugin Help
HP Fortify JDeveloper
HP_Fortify_JDeveloper_Install_and_Usage_
HP Fortify JDeveloper
Installation and Usage
Guide_3.60.pdf
Help
Guide
HP Fortify Package for
HP_Fortify_Visual_Studio_Install_and_
HP Fortify Visual Studio
Visual Studio
Config_3.60.pdf
Package Help
Installation and
Configuration Guide
HP Fortify Remediation
HP_Fortify_VS_2010_Remediation_3.60.pdf
HP Fortify Visual Studio
Package for Microsoft
2010 Remediation
Visual Studio 2010
Package Help
Installation and Usage
Guide
HP Fortify Remediation
HP_Fortify_IntelliJ_Remediation_3.60.pdf
HP Fortify IntelliJ
Plugin for IntelliJ
Remediation Plugin
Installation and Usage
Help
Guide
HP Fortify Software
HP_Fortify_Process_Designer_User_Guide_3.
N/A
Security Center Process
60.pdf
Designer User Guide
HP Fortify Static Code
HP_Fortify_SCA_Custom_Rules_3.60.pdf
N/A
Analyzer Custom Rules
Guide
HP Fortify Static Code
HP_Fortify_SCA_COBOL_Addendum_3.60.pdf
N/A
Analyzer for COBOL
Addendum
HP Fortify Static Code
HP_Fortify_SCA_Install_and_Config_3.60.pdf
HP Fortify v3.60 SCA
Analyzer Installation
Install & Config Help
and Configuration
Guide
HP Fortify Static Code
HP_Fortify_SCA_User_Guide_3.60.pdf
HP Fortify v3.60 SCA
Analyzer User Guide
User Help
HP Fortify Static Code
HP_Fortify_SCA_Utilities_User_Guide_
N/A
Analyzer Utilities User
3.60.pdf
Guide
HP Fortify CloudScan
HP Fortify CloudScan has three major components: CloudScan CLI, CloudScan Controller, and CloudScan Cloud. The
requirements for each component are listed below.
CloudScan CLI
Hardware Requirements
CloudScan CLI will run on any machine that supports HP Fortify Static Code Analyzer. Because CloudScan CLI is
installed on build machines running SCA, hardware requirements will be met.
CloudScan Controller
Hardware Requirements
HP Fortify Software recommends that you install the CloudScan Controller on a high-end processor running at 2
GHz with at least 4 GB of RAM.
Platforms and Architectures
The CloudScan Controller supports the following platforms and architectures:
Operating System
Architectures
Versions
Linux
x86: 32-bit or
Red Hat ES 4, ES5, Novell SUSE 10, Oracle EL 5.2
64-bit (recommended)
Windows
x86: 32-bit or
2003 SP1, 2008, XP
64-bit (recommended)
Vista Business, Vista Ultimate, Windows 7
Disk Space Requirement
To estimate the amount of disk space you will need on the machine running the CloudScan Controller, use the
following equation:
(number of jobs per day) (average size of mobile build session) (number of days data is persisted)
100MB is a conservative estimate for the average size of the mobile build session.
Seven days is the default for the number of days the data is persisted.
CloudScan Cloud
The CloudScan Cloud is created using the Cloudera CDH3u0 release of the Apache Hadoop distribution.
Your Cloudera Hadoop cluster will require at least two machines.
For information on creating your Hadoop network: https://ccp.cloudera.com/display/DOC/Documentation
Notes:
64-bit nodes with 8GB+ RAM are recommended.
The Hadoop slave nodes will require SCA to be installed. The official range of supported platforms for Cloudera
includes Linux distributions not officially supported by SCA. However, there are no known SCA issues on these
additional Linux variants.
The size and resource requirements of HP Fortify jobs running in this cluster are not typical. Leveraging an
existing Hadoop cluster may adversely affect the performance of other jobs running on the system. Create a
separate Cloudera Apache Hadoop cluster to use with CloudScan.
Documentation
The documents listed in the following table apply to HP Fortify CloudScan:
Document Name
PDF
HP Fortify CloudScan
HP_Fortify_CloudScan_Guide_3.60.pdf
Installation, Configuration,
and Usage Guide
HTML Help
HP Fortify CloudScan Help
10
11
Documentation
The following documentation applies to HP Fortify Real-Time Analyzer:
Document Name
PDF
HP Fortify Real-Time
HP_Fortify_RTA_Operator_Guide_3
Analyzer Operator Guide
.60.pdf
HP Fortify Real-Time
HP_Fortify_RTA_Java_Install_and_
Analyzer: Java Edition
Config_Guide_3.60.pdf
Installation and
Configuration Guide
HP Fortify Real-Time
HP_Fortify_RTA_DOTNET_Install_a
Analyzer: Microsoft .NET
nd_Config_Guide.3.60.pdf
Edition Installation and
Configuration Guide
HP Fortify Real-Time
HP_Fortify_RTA_Java_Designer_Gu
Analyzer: Java Edition
ide_3.60.pdf
Designer Guide
HP Fortify Real-Time
HP_Fortify_RTA_Rulepack_Kit_Gui
Analyzer: Rulepack Kit
de_
Guide
3.60.pdf
HP Fortify Real-Time
HP_Fortify_RTA_Net_Designer_Gui
Analyzer: .NET Edition
de_3.60.pdf
Designer Guide
HTML Help
HP Fortify v3.60 RTA Operator
Guide Help
HP Fortify v3.60 RTA Java
Install & Config Help
HP Fortify v3.60 RTA NET
Install & Config Help
N/A
N/A
N/A
12
13
Documentation
The following documentation applies to HP Fortify SecurityScope:
Document Name
PDF
HP Fortify SecurityScope
HP_Fortify_SecurityScope_User_
User Guide
Guide_3.60.pdf
HP Fortify SecurityScope:
HP_Fortify_SecurityScope_
Microsoft .NET Edition
DOTNET_Install_and_Config_3.6
Installation and
0.pdf
Configuration Guide
HP Fortify SecurityScope:
HP_Fortify_SecurityScope_Java_
Java Edition Installation
Install_and_Config_3.60.pdf
and Configuration Guide
HP Fortify SecurityScope
HP_Fortify_SecurityScope_Taint
Taint Rulepack Guide
_ Rulepack_Guide_3.60.pdf
HP Fortify Software
HP_Fortify_Real_Time_Hybrid_
Security Center Real-Time
Analysis_User_Guide_3.60.pdf
Hybrid Analysis User
Guide
HTML Help
HP Fortify SecurityScope User
Help
HP Fortify SecurityScope .NET
Edition Help
HP Fortify SecurityScope Java
Edition Help
N/A
N/A
14
15
Process Templates
HP Fortify Software Security Center 3.60 supports the following process templates:
Process Templates
2.0, 2.1, 2.5, 2.6, 2.6.1, 3.0, 3.1, 3.20, 3.30, 3.40, 3.50, and 3.60
(If you have older versions of Process Templates, you might need to open them
in 3.60 Process Designer first and make appropriate changes before they can be
accepted by HP Fortify Software Security Center 3.60.)
16
Description
Disc image of the entire Software Security Center product line.
After downloading, you will need to either mount the ISO image
or burn it to a DVD before installation. For Windows operating
systems.
Signature file for the Software Security Center product line ISO
for Windows.
Disc image of the entire Software Security Center product line.
After downloading, you will need to either mount the ISO image
or burn it to a DVD before installation. For Linux, Unix, and
Macintosh operating systems.
Signature File for the Software Security Center product line ISO
for Linux, Unix, and Macintosh operating systems.
HP Fortify Scan Wizard for Windows.
Signature file for HP Fortify Scan Wizard for Windows.
HP Fortify Scan Wizard for Macintosh OSX.
Signature file for HP Fortify Scan Wizard for Macintosh OSX.
HP Fortify Scan Wizard for Linux.
Signature file for HP Fortify Scan Wizard for Linux.
HP Fortify Demo Suite for Windows (x86)
Signature file for HP Fortify Demo Suite for Windows (x86)
HP Fortify Demo Suite for Windows (x64)
Signature file for HP Fortify Demo Suite for Windows (x64)
HP Fortify Demo Suite for Unix
Signature file for HP Fortify Demo Suite for Unix
HP Fortify Software Security Center
Signature file for HP Fortify Software Security Center
HP Fortify CloudScan Controller
17
File Name
HP_Fortify_CloudScan_Controller_3.60_TF3
02-15062.zip.sig
HP_Fortify_SecurityScope_3.60_TF30215074.zip
HP_Fortify_SecurityScope_3.60_TF30215074.zip.sig
HP_Fortify_RTA_3.60_TF302-15063.zip
HP_Fortify_RTA_3.60_TF302-15063.zip.sig
HP_Fortify_SCA_and_Apps_3.60_Windows_T
F302-15070.zip
HP_Fortify_SCA_and_Apps_3.60_Windows_T
F302-15070.zip.sig
HP_Fortify_SCA_and_Apps_3.60_Mac_TF30215069.tar.gz
HP_Fortify_SCA_and_Apps_3.60_Mac_TF30215069.tar.gz.sig
HP_Fortify_SCA_and_Apps_3.60_Linux_TF30
2-15068.tar.gz
HP_Fortify_SCA_and_Apps_3.60_Linux_TF30
2-15068.tar.gz.sig
Description
Signature file for HP Fortify CloudScan Controller
HP Fortify SecurityScope
Signature file for HP Fortify SecurityScope
HP Fortify RTA
Signature file for HP Fortify RTA
The HP Fortify SCA and Apps package for Windows includes:
Static Code Analyzer
Audit Workbench
HP Fortify SCA plugin for Eclipse
HP Fortify SCA plugin for Visual Studio 2003
HP Fortify SCA plugin for Visual Studio 2005
HP Fortify SCA plugin for Visual Studio 2008
HP Fortify SCA plugin for Visual Studio 2010
HP Fortify SCA plugin for Visual Studio 2010
Remediation
Note: The plugins for IntelliJ and Jdeveloper are available only on
DVD and as part of the ISO.
Signature files for the HP Fortify SCA and Apps package for
Windows
The HP Fortify SCA and Apps package for Macintosh includes:
Static Code Analyzer
Audit Workbench
HP Fortify SCA plugin for Eclipse
HP Fortify SCA plugin for Visual Studio 2003
HP Fortify SCA plugin for Visual Studio 2005
HP Fortify SCA plugin for Visual Studio 2008
HP Fortify SCA plugin for Visual Studio 2010
HP Fortify SCA plugin for Visual Studio 2010
Remediation
Note: The plugins for IntelliJ and Jdeveloper are available only on
DVD and as part of the ISO.
Signature file for the HP Fortify SCA and Apps package for
Macintosh
The HP Fortify SCA and Apps package for Linux includes:
Static Code Analyzer
Audit Workbench
HP Fortify SCA plugin for Eclipse
HP Fortify SCA plugin for Visual Studio 2003
HP Fortify SCA plugin for Visual Studio 2005
HP Fortify SCA plugin for Visual Studio 2008
HP Fortify SCA plugin for Visual Studio 2010
HP Fortify SCA plugin for Visual Studio 2010
Remediation
Note: The plugins for IntelliJ and Jdeveloper are available only on
DVD and as part of the ISO.
Signature file for the HP Fortify SCA and Apps package for Linux
18
File Name
HP_Fortify_SCA_3.60_HPUX_TF30215066.tar.gz
HP_Fortify_SCA_3.60_HPUX_TF30215066.tar.gz.sig
HP_Fortify_SCA_3.60_Solaris_TF30215067.tar.gz
HP_Fortify_SCA_3.60_Solaris_TF30215067.tar.gz.sig
Description
HP Fortify SCA for HPUX
Signature file for HP Fortify SCA for HPUX
HP Fortify SCA for Solaris
Signature file for HP Fortify SCA for Solaris
Navigate to https://support.openview.hp.com.
Click the Downloads tab to enter the software downloads section.
Click the Login button and sign in using your HP Passport credentials.
Note: If you dont have an HP Passport, click the >>New users please register link.
The Downloads screen appears.
4.
5.
Click My Updates.
The My software updates screen appears.
If you dont have SAID access for HP Fortify products associated with your HP Passport, you will
need to select the Directly enter an SAID: radio button and type in your HP Fortify SAID account
number.
19
6.
Select the terms and conditions check box and click the View available products button.
The My software updates product list page appears.
7.
8.
From the Product name box select the desired version of the HP Fortify English Software EMedia software. For information on the available packages, see Table 1: Packages on page 17.
9.
From the Downloads box, select the package you want to download.
20
Verify that the Signature File Matches the Downloaded Software Package
1.
Navigate to the directory where you stored the downloaded package and signature file.
On Windows machines, issue the following command:
gpg --verify <Signature_File_Name> <Downloaded_File_Name>
On Unix/Linux:
gpg -verify <Signature_File_Name> <Downloaded_File_Name>
2.
Examine the output to insure you receive verification that the software you downloaded has been signed
by HP and has not been altered. Your output should include something like the following:
c: .sig HP.Fortify_3 .SEng_SW.Media_TF302-15039.iso
\Users\username\<downloadDirectory>gpg --uerif HPFortify_3
.5Eng_SWJ1edia_TF3O2-15039.iso
gpg: Signature made 04/18/12 15:05:36 Pacific Daylight Time using DSA key
ID 2689BB87
gpg: Good signature from Hewlett-Packard Company(HP Codesigning Service)
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FB41 0E68 CEDF 95D0 6681 1E95 527B CS3A 2689 B887
Note: The warning message occurs because the HP public key is not known to the system. You can ignore this warning
or set up your environment to identify the HP public key as a trusted signature.
For more information on downloading, verifying, and installing HP Fortify Software, please see "Acquiring HP Fortify
Software" on page 17.
21
Unix/Linux
The following instructions are
general command line instructions;
your distro might require alterations
to these steps.
1.
2.
3.
4.
MacOSX
1. Insert a blank DVD into
the drive.
2. Run Disk Utility.
3. From the File menu,
choose Open Disk Image
and select the ISO to be
burned.
4. Select the item
representing the ISO file
from the list of volumes.
5. Click the Burn button and
follow the instructions.
22
Linux / Unix
The following instructions are general
command-line instructions; your distribution
might require alterations to these steps.
1.
2.
3.
4.
5.
6.
MacOSX
1. Run Disk Utility.
2. Select Open Image File from
the Disk Utility menu.
3. Select the HP Fortify ISO file.
The ISO should appear on the Mac
OS desktop.
23
24