Preparing for the Fortify Vulnerability Integration
A successful Fortify Vulnerability Integration requires planning and the execution of pre-integration tasks. Prepare for the integration by performing these tasks. The Fortify Vulnerability Integration assumes that you are familiar with the Fortify product and API.
始める前に
The Common Weakness Enumeration (CWE) integration is also used by Application Vulnerability Response and should be running prior to installing
and configuring the Fortify Vulnerability Integration.
注:
NIST
Vulnerability Database (NVD) data is not necessary to install the Fortify Vulnerability Integration, however they provide
enrichment and would be useful to have.
For information on NVD, see Importing data with the NVD and CWE integrations and managing third-party libraries.
There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.
Role required: App-Sec Manager
このタスクについて
注:
Validate your instance sizing
based on the number of application vulnerable items you expect to import. An undersized
instance can lead to long load times. If you do not know the size of your instance,
contact Customer Service and Support.Before running the integration, make any necessary
configuration change based on your requirements.
The Fortify Vulnerability Integration requires an API Key, API Secret, and API root URL, available from your Fortify on Demand account.
手順
To create an API Secret Key:
- Log in to your Fortify on Demand portal.
- Navigate to .
- Add ServiceNow as an application.
- Click New Secret to generate an API Secret.
- Record your API Secret for later use.