Unpacking and Deploying Fortify Software Security Center Software
To unpack and deploy the Fortify Software Security Center installation files:
-
Extract the contents of the installation file into a temporary directory in a secure location. (The installation file is the file you downloaded using the instructions in Downloading Fortify Software Security Center Files.)
-
Locate the distribution file (
Fortify_<version>_Server_WAR_Tomcat.zip) and extract all of the contents into a directory in a secure location. This creates theFortify-Server-WARdirectory, which contains the resources and tools you need for tasks such as configuring Fortify Software Security Center and migrating applications from previous versions.Note: The directory into which you extract the distribution file content is referred to in all topics as the
<ssc_install_dir>directory. -
Copy the seed bundle files from the
srg_contentfolder in the temporary directory to the<ssc_install_dir>directory. Do not unzip the seed bundle files.Note: Although you are not required to copy the resource files to the
<ssc_install_dir>directory, the procedures in this document are based on the assumption that you saved the files to that location.File Name
Description
Fortify_Process_Seed_Bundle-2020_Q1.zipProcess template seed bundle used to seed your third‑party database tables. It provides a default admin user account and issue template 
A template that determines how Fortify Software products prioritize issues. Prioritizing issues of a category or type helps guide the security team's audit and remediation activities. Fortify Software Security Center provides some standard templates. Users can employ them as is, modify them, and/or create additional templates. data. Fortify_Report_Seed_Bundle-2020_Q1.zipReport seed bundle used to seed the third‑party database tables. It provides the default set of Fortify Software Security Center reports.
Fortify_PCI_Basic_Seed_Bundle-2020_Q1.zip(Optional) The PCI Basic seed bundle adds a Payment Card Industry (PCI) Data Security Standard (DSS) process template and its associated report to the default set of issue templates and reports. PCI DSS will remain open for assessment
The overall process of reviewing, triaging, and acting on a particular scan or analysis. (same as scan) of previously-started, and newly-started assessments initiated before June 2021, until October 2022. After October 2022, the new PCI Software Security Framework (SSF) will be the set of standards for evaluation. Please use the PCI SSF Basic seed bundle (Fortify_PCI_SSF_Basic_Seed_Bundle-2020_Q1.zip) to begin to understand how software security issues can affect evaluation under these new PCI SSF standards.Fortify_PCI_SSF_Basic_Seed_Bundle-2020_Q1.zip(Optional) The PCI SSF Basic seed bundle adds a Payment Card Industry (PCI) Software Security Framework (SSF) process template and its associated report to the default set of issue templates and reports. PCI SSF was introduced in June 2019 as a set of new standards used to evaluate systems developed by payment software vendors. The existing PCI DSS will remain open for assessment of previously-started, and newly-started assessments initiated before June 2021, until October 2022. After October 2022, the new PCI Software Security Framework (SSF) will be the set of standards for evaluation. Please use the PCI Basic seed bundle (
Fortify_PCI_Basic_Seed_Bundle-2020_Q1.zip) for evaluation under PCI DSS.The process templates seed bundle and the reports seed bundle are required for Fortify Software Security Center deployment. The PCI Basic seed bundles are optional.
- Copy the
fortify.licensefile to the<ssc_install_dir>directory. (For information about how to obtain thefortify.licensefile, see the Micro Focus Fortify Software System Requirements document.)