This repository contains some example scripts to set up a working Fortify demo environment using minikube and the Fortify Helm Charts.
Minikube is a tool that allows you to run a single-node Kubernetes cluster locally. It is useful for developing and testing applications that are designed to run on Kubernetes.
It includes a deployment of:
[ ] Fortify License Infrastructure Manager (LIM)
[ ] Fortify Software Security Center (SSC)
[ ] ScanCentral SAST
[ ] ScanCentral DAST
See here as an example for Ubuntu on WSL2.
Install PowerShell for Linux.
Install minikube: https://minikube.sigs.k8s.io/docs/start
Install kubectl: https://kubernetes.io/docs/tasks/tools/
Install helm: https://helm.sh/docs/intro/install/
You will need OpenSSL (https://www.openssl.org/) to create a self-signed wildcard certificate. You can install OpenSSL using the OS package manager or use the version that is already available with the Git command line tool.
A working fortify.license file for SSC and ScanCentral SAST. Place this file in the "root" directory of the project.
You will need Docker Hub credentials to access the private docker images in the fortifydocker organisation.
You will need the Helm charts from the Fortify SSC Server installation. These will be in the form of a .tgz file named ssc-1.1.2420186+24.2.0.0186.tgz or similar. Extract the contents of this file in the root directory:
tar -xvzf ssc-1.1.2420186+24.2.0.0186.tgz
A working license for ScanCentral DAST and WebInspect if deploying ScanCentral DAST
Copy the file env.example to .env, e.g.
cp env-example .env
Then edit the file as required. You can set the first few entries depending on which components you wish to install. For example, to install everything except ScanCentral DAST:
# Set the following depending on what components you wish to install
# Just leave blank/empty if you don't want to install the component
INSTALL_LIM=1
INSTALL_SSC=1
INSTALL_SCSAST=1
INSTALL_SCDAST=
The values at the bottom of the file, for the URLs and credentials of the deployed environment, will be updated as the deployment completes.
Note: Do not place this file in source control.
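A pre-flight check for the note above, as an added example that is not part of this repository's scripts: it fails if .env is readable by group/other, is tracked by git, or is not covered by a .gitignore rule. The function name check_env_file is hypothetical, and the file-mode check goes slightly beyond the note because the file ends up holding the deployed environment's credentials.

```shell
# Added example (not one of the repository's scripts).
# Assumption: .env sits in the project root; pass another path as $1 if not.
check_env_file() {
    env_file="${1:-.env}"
    dir=$(dirname -- "$env_file")
    name=$(basename -- "$env_file")
    rc=0

    if [ ! -f "$env_file" ]; then
        echo "FAIL: $env_file not found" >&2
        return 2
    fi

    # Characters 5-10 of the ls mode string are the group and other bits;
    # anything other than "------" means someone besides the owner has access.
    perms=$(ls -ld -- "$env_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $env_file is accessible to group/other (fix: chmod 600)" >&2
        rc=1
    fi

    # The git checks only apply when the directory is inside a work tree.
    if command -v git >/dev/null 2>&1 &&
       git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
            echo "FAIL: $name is tracked by git (fix: git rm --cached $name)" >&2
            rc=1
        elif ! git -C "$dir" check-ignore -q -- "$name"; then
            echo "FAIL: $name is not matched by any .gitignore rule" >&2
            rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK: $env_file"
    return "$rc"
}
```

Source the snippet and call check_env_file from the project root before running the startup script; a non-zero return means at least one check failed.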
Run the following command to start minikube and create a Fortify ScanCentral SAST Environment:
pwsh ./startup.ps1
It will take a while for everything to complete.
Once the details of the environment are complete at the end, you will need to log in to Fortify SSC and enter the details of ScanCentral SAST/DAST as per the instructions.
If you want to populate the Fortify environment with sample data, you can run the following command:
pwsh ./scripts/populate.ps1
Note: if you need to set/reset the Fortify SSC "admin" user's password you can use the following script:
pwsh ./scripts/reset_ssc_admin_user.ps1
Run the following command to forward the LIM Service to a free port on your local machine, e.g. for port 8888:
kubectl port-forward lim-0 8443:1443
Browse to https://localhost:8443 on your local machine and log in using the values of LIM_ADMIN_USER and LIM_ADMIN_PASSWORD set in .env.
Install your licenses and then you can stop the port forwarding (just Ctrl+C out).
Run the following command to forward the LIM Service to a free port on your local machine, e.g. for port 8443:
kubectl port-forward svc/ssc-service 8443:443
Browse to https://127.0.0.1:8443 on your local machine and log in using the values of SSC_ADMIN_USER and SSCADMIN_PASSWORD set in .env. You will need to change the user's password on first login.
Install your licenses and then you can stop the port forwarding (just Ctrl+C out).
You can re-run the startup.ps1 script with different options set in the .env to deploy more components.
You can run a ScanCentral SAST Scan using the included scripts and source code as follows:
pwsh ./scancentral_sast_scan.ps1
If you wish to remove the minikube environment completely, you can use the following command:
pwsh ./shutdown.ps1