[研究]OpenText Fortify SCA 24.4.1安裝

[研究]OpenText Fortify SCA 24.4.1安裝

2025-01-22

Fortify 最早是一家公司，Static Code Analyzer (SCA) 是原始碼安全檢測(白箱)軟體，或稱靜態源碼檢測分析工具，後來幾經被併購或賣掉轉手，變成

HP Fortify SCA  (HP 公司底下 Fortify 產品線的 SCA 產品)

Micro Focus Fortify SCA   (Micro Focus 公司底下 Fortify 產品線的 SCA 產品)

OpenText Fortify SCA   (OpenText 公司底下 Fortify 產品線的 SCA 產品)

23.1.0版是 2023年，23.1.0 是上半年版本 (約年中左右)，23.2.0是上半年版本 (約年底左右)。

23.1.x 是安裝23.1.0 安裝了 Patch 修補程式後。

2024年開始，版號有了變化，上半年版本變成24.2，下半年變成 24.4，其中 24.1 和 24.3 被跳過。

【下載】

• Fortify SCA (掃描引擎)：OpenText Fortify SCA 24.4.1(2025-01-16) 是目前最新的，檔案 Fortify_SCA_24.4.1_windows_x64.exe.zip，解壓後得到 Fortify_SCA_24.4.1_windows_x64.exe，雖然號稱 Patch，但是實際上就算沒有先安裝 24.4.0版，仍可以獨立安裝。
• Fortify Apps and Tools (操作介面工具)：Fortify_Tools_24.4.0_Windows.zip，解壓得到 Fortify_Apps_and_Tools_24.4.0_windows_x64.exe 和 Docs 目錄

註：好像從 23.x 版開始，前者目前似乎只是個掃描引擎，沒有提供介面；後者提供 Scan Wizard 操作設定介面。22.x 版或更早，後者並沒有獨立，前者安裝後就包含後者。

註：後者沒有出24.4.1版，故只能下載 Fortify_24.4.0.zip，從中取得 Fortify_Tools_24.4.0_Windows.zip，或直接下載 Fortify_Tools_24.4.0_Windows.zip 檔案。

【安裝】

1.安裝要先有 fortify.license 授權檔案，在 windows_x64.exe 相同目錄放一份；在 Fortify_Apps_and_Tools_24.4.0_windows_x64.exe 相同目錄放一份。

2.先去「控制台」的「解除安裝程式」，移除舊版。

    建議先移除舊版，再安裝新版。

    因為移除軟體時，.fpr檔案關聯會被刪除；先裝新版再宜舊版，報告關聯會被刪除。

    先移除舊版，再安裝新版；裝新版時關聯會被建立。

3.安裝 Fortify_SCA_24.4.1_windows_x64.exe

4.安裝Fortify_Apps_and_Tools_24.4.0_windows_x64.exe

5.切換語系 (不然報告都是英文)

********************************************************************************

********************************************************************************

********************************************************************************

安裝1

(下圖) 正常不會出現此錯誤，後面解釋

(下圖) 正常會出現的畫面

********************************************************************************

安裝2

********************************************************************************

變更為繁體中文語系，更新 rules

注意，不同版本的安裝路徑，會有些變化

C:\>cd C:\Program Files\Fortify\Fortify_SCA_24.4.1\bin C:\Program Files\Fortify\Fortify_SCA_24.4.1\bin>scapostinstall.cmd [1] Migration... [2] Settings... [s] Display all settings [q] Exit Please select the desired action (1,2,s,q): 2 [1] General... [2] Fortify Update... [3] Software Security Center Settings... [s] Display all settings [r] Return [q] Exit Please select the desired action (1,2,3,s,r,q): 1 [1] Locale [s] Display all settings [r] Return [q] Exit Please select the desired action (1,s,r,q): 1 Locale [default: en]: zh_TW [1] Locale [s] Display all settings [r] Return [q] Exit Please select the desired action (1,s,r,q): q C:\Program Files\Fortify\Fortify_SCA_24.4.1\bin>fortifyupdate.cmd Error 6210: Invalid license file C:\Program Files\Fortify\Fortify_SCA_24.4.1\bin>fortifyupdate.cmd Removing Old Security Content ... C:\Program Files\Fortify\Fortify_SCA_24.4.1\Core\config\rules Fortify Secure Coding Rules, Community, Cloud v2024.2.0.0008 Fortify Secure Coding Rules, Community, PHP v2024.2.0.0008 Fortify Secure Coding Rules, Community, Universal v2024.2.0.0008 Fortify Secure Coding Rules, Core, ABAP v2024.2.0.0008 Fortify Secure Coding Rules, Core, ActionScript 3.0 v2024.2.0.0008 Fortify Secure Coding Rules, Core, Android v2024.2.0.0008 Fortify Secure Coding Rules, Core, Annotations v2024.2.0.0008 Fortify Secure Coding Rules, Core, Apex v2024.2.0.0008 Fortify Secure Coding Rules, Core, ColdFusion v2024.2.0.0008 Fortify Secure Coding Rules, Core, Cloud v2024.2.0.0008 Fortify Secure Coding Rules, Core, COBOL v2024.2.0.0008 Fortify Secure Coding Rules, Core, C/C++ v2024.2.0.0008 Fortify Secure Coding Rules, Core, Dart v2024.2.0.0008 Fortify Secure Coding Rules, Core, .NET v2024.2.0.0008 Fortify Secure Coding Rules, Core, Golang v2024.2.0.0008 Fortify Secure Coding Rules, Core, Java v2024.2.0.0008 Fortify Secure Coding Rules, Core, JavaScript v2024.2.0.0008 Fortify Secure Coding Rules, Core, Kotlin v2024.2.0.0008 Fortify Secure Coding Rules, Core, Objective-C v2024.2.0.0008 Fortify Secure Coding Rules, Core, PHP v2024.2.0.0008 Fortify Secure Coding Rules, Core, Python v2024.2.0.0008 Fortify Secure Coding Rules, Core, Ruby v2024.2.0.0008 Fortify Secure Coding Rules, Core, Scala v2024.2.0.0008 Fortify Secure Coding Rules, Core, SQL v2024.2.0.0008 Fortify Secure Coding Rules, Core, Swift v2024.2.0.0008 Fortify Secure Coding Rules, Core, Swift 2 v2024.2.0.0008 Fortify Secure Coding Rules, Core, Universal v2024.2.0.0008 Fortify Secure Coding Rules, Core, Classic ASP, VBScript, and VB6 v2024.2.0.0008 Fortify Secure Coding Rules, Extended, Configuration v2024.2.0.0008 Fortify Secure Coding Rules, Extended, Content v2024.2.0.0008 Fortify Secure Coding Rules, Extended, C/C++ v2024.2.0.0008 Fortify Secure Coding Rules, Extended, .NET v2024.2.0.0008 Fortify Secure Coding Rules, Extended, Java v2024.2.0.0008 Fortify Secure Coding Rules, Extended, JavaScript v2024.2.0.0008 Fortify Secure Coding Rules, Extended, JSP v2024.2.0.0008 Fortify Secure Coding Rules, Extended, SQL v2024.2.0.0008 Storing Updated Security Content ... C:\Program Files\Fortify\Fortify_SCA_24.4.1\Core\config\rules Fortify 摰蝺函Ⅳ閬??敹€niversal v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€avaScript v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€nnotations v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€SP v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€lassic ASP?BScript ??VB6 v2024.1.1.0001 001 Fortify 摰蝺函Ⅳ閬??敹€wift v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€wift 2 v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€ctionScript 3.0 v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€cala v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€otlin v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€/C++ v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€ndroid v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€ava v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€OBOL v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??冗蝢扎€HP v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€/C++ v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€loud v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€?NET v2024.1.1.0001 1 Fortify 摰蝺函Ⅳ閬??辣隡詻€?蝵?v2024.1.1.0001 01 Fortify 摰蝺函Ⅳ閬??敹€bjective-C v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€摰?v2024.1.1.0001 1 Fortify 摰蝺函Ⅳ閬??敹€HP v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€pex v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€art v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€BAP v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€QL v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€avaScript v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€QL v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??辣隡詻€?NET v2024.1.1.0001 1 Fortify 摰蝺函Ⅳ閬??敹€ava v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€uby v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€olang v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??冗蝢扎€niversal v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€oldFusion v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??冗蝢扎€loud v2024.1.1.0001 Fortify 摰蝺函Ⅳ閬??敹€ython v2024.1.1.0001 Removing Old Metadata Files ... C:\Program Files\Fortify\Fortify_SCA_24.4.1\Core\config\ExternalMetadata Main External List Mappings v2024.2.0.0008 Storing Updated Metadata Files ... C:\Program Files\Fortify\Fortify_SCA_24.4.1\Core\config\ExternalMetadata 憭皜撠?嚗敹?v2024.1.1.0001 C:\Program Files\Fortify\Fortify_SCA_24.4.1\bin>

更新 rules，這次會下載 繁體中文版 rules 和說明

C:\Program Files\Fortify\Fortify_SCA_24.4.1\bin\fortifyupdate.cmd

可以考慮在「Windows系統管理工具」/「工作排程器」設定每天更新 rules

********************************************************************************

補充說明，過程中發生過 Error 6210: Invalid license file，

這是付費花錢購買的軟體，理論上不該如此，檢查發現 fortify.license 有更新過，安裝時錯拿舊的，把新的覆蓋 C:\Program Files\Fortify\Fortify_SCA_24.4.1\fortify.license 檔案，即可正常更新。

********************************************************************************

Fortify Static Code Analyzer and Tools 24.4.x Documentation
https://www.microfocus.com/zh-tw/documentation/fortify-static-code-analyzer-and-tools/2440/

Support Portal:
https://softwaresupport.softwaregrp.com

Fortify Documentation:
https://www.microfocus.com/support-and-services/documentation

Licenses & Downloads Portal:
https://sldlogin.microfocus.com

Patch Downloads:
https://softwaresupport.softwaregrp.com/document?doctype=patches

Fortify Offline Rulepacks:
https://support.fortify.com

Fortify Product Announcements:
https://community.microfocus.com/t5/Fortify-Product-Announcements/bd-p/Fortify_PA

technical support:
https://www.microfocus.com/en-us/support

Frequently asked questions on the license and Download Portal
https://sld.microfocus.com/mysoftware/contact/faqsQuestion

(完)

相關