Micro Focus Fortify SSC Plugin
Strengthen your secure software development life cycle (SDLC) by integrating Sonatype Lifecycle with Micro Focus Fortify Software Security Center (SSC). This integration streamlines application security by automatically enriching Fortify SSC with open source risk data from Sonatype’s software composition analysis (SCA) tools.
Automate Open Source Risk Auditing in Fortify SSC
With the Sonatype for Fortify SSC integration, Sonatype Lifecycle continuously feeds vulnerability, license, and policy violation data from open source components into Fortify SSC’s centralized management console.
This integration ensures your application security teams have full visibility into all forms of software risk, from proprietary code flaws to vulnerable open source libraries, within a single Fortify SSC workflow.
Sonatype for Fortify SSC Integration Features
Automatic Issue Creation
Trigger creation of findings in Fortify SSC for policy violations identified by Sonatype Lifecycle.
Visibility Across the SDLC
Ensure risk insights from Sonatype are reflected in every stage of the SDLC managed by Fortify SSC.
Compliance Readiness
Meet internal and external security mandates by documenting and resolving OSS risk within Fortify SSC’s reporting environment.
Streamlined Remediation Workflows
Track, triage, and resolve open source issues using Fortify SSC’s centralized vulnerability management workflows.
Policy-Driven Governance
Apply Sonatype Lifecycle’s customizable open source usage policies to enforce standards and reduce risk.
Integration Resources
Explore Sonatype and OpenText Partnership
Help documentation on Sonatype for Fortify SSC
Get Sonatype for Fortify SSC on the Marketplace
Fortify SSC FAQs
What does the Sonatype for Fortify SSC integration do?
It connects Sonatype Lifecycle with Fortify SSC, allowing you to ingest open source component data, such as known vulnerabilities and license issues, directly into the Fortify SSC platform for centralized tracking and remediation.
What kind of data is transferred from Sonatype to Fortify SSC?
Policy violations, known vulnerabilities (CVE), license risks, and component intelligence identified by Sonatype Lifecycle are passed to Fortify SSC and mapped as issues within the platform.
Do I need additional licenses to use this integration?
You will need an active license for both Sonatype Lifecycle and Fortify SSC. No additional Sonatype license is required for the integration itself.