Micro Focus Fortify SSC Plugin

Strengthen your secure software development life cycle (SDLC) by integrating Sonatype Lifecycle with Micro Focus Fortify Software Security Center (SSC). This integration streamlines application security by automatically enriching Fortify SSC with open source risk data from Sonatype’s software composition analysis (SCA) tools.

Works With: Sonatype Lifecycle

Automate Open Source Risk Auditing in Fortify SSC

With the Sonatype for Fortify SSC integration, Sonatype Lifecycle continuously feeds vulnerability, license, and policy violation data from open source components into Fortify SSC’s centralized management console.

This integration ensures your application security teams have full visibility into all forms of software risk, from proprietary code flaws to vulnerable open source libraries, within a single Fortify SSC workflow. By combining the open source governance of Sonatype Lifecycle with the centralized policy management and reporting of Micro Focus Fortify SSC, your teams can:

  • Gain a unified view of software risk across proprietary and third-party code.
  • Reduce manual effort by automatically synchronizing component-level intelligence.
  • Prioritize remediation by combining code and dependency insights.
  • Maintain audit trails for compliance and regulatory reporting.
  • Shift security left with consistent policy enforcement during development.

Sonatype for Fortify SSC Integration Features

Unified Security Dashboard

Visualize open source vulnerabilities alongside SAST and DAST results in Fortify SSC’s management interface.

Automatic Issue Creation

Trigger creation of findings in Fortify SSC for policy violations identified by Sonatype Lifecycle.

Streamlined Remediation Workflows

Track, triage, and resolve open source issues using Fortify SSC’s centralized vulnerability management workflows.

Policy-Driven Governance

Apply Sonatype Lifecycle’s customizable open source usage policies to enforce standards and reduce risk.

Continuous Visibility Across the SDLC

Ensure risk insights from Sonatype are reflected in every stage of the SDLC managed by Fortify SSC.

Compliance Readiness

Meet internal and external security mandates by documenting and resolving OSS risk within Fortify SSC’s reporting environment.

Related Integrations

Sonatype for Jira Cloud


Sonatype for Jira Data Center


Sonatype Platform Plugin for Jenkins

Sonatype Lifecycle


Sonatype Platform Plugin for Jenkins

Sonatype Nexus Repository


Integration Resources

Blog post on Sonatype for Fortify SSC

See Blog Post

Help documentation on Sonatype for Fortify SSC

See Documentation

Help documentation on Sonatype for Jira Cloud

See Marketplace

Fortify SSC FAQs

What does the Sonatype for Fortify SSC integration do?

What kind of data is transferred from Sonatype to Fortify SSC?

Do I need additional licenses to use this integration?