About the <fortify.home> Directory

The <fortify.home> directory is where the configuration file and other Fortify Software Security Center resources reside.

Default Directory Locations

After Fortify Software Security Center deployment, you can find <fortify.home> in the following locations:

• %USERPROFILE%\.fortify on a Windows system (applies to both a standard user and a Windows service user)

  Note: %USERPROFILE% represents the user running the Tomcat service, which is not necessarily the user who installed Tomcat.
  
  Named Account = C:\Users\<username>
LocalSystem [Default] = %WinDir%\System32\config\systemprofile
LocalService = %WinDir%\ServiceProfiles\LocalService
NetworkService = %WinDir%\ServiceProfiles\NetworkService
  

• $HOME/.fortify on a Linux system

Changing the Default Locations

You can override the default <fortify.home> directory location by setting the fortify.home system property on the JVM used to start the Tomcat Server. For example, you can specify this system property using the CATALINA_OPTS environment variable. Alternatively, you can add the fortify.home property to the Java Options field in the Tomcat service definition on a Windows system. For detailed information on setting Java system properties, see the Tomcat documentation.

Directory Contents

The <fortify.home> directory is structured as follows:

<fortify.home>/
    <app_context>/
         conf/
             app.properties
             datasource.properties
             log4j2.xml
             version.properties
             secret.key
         logs/ 
             ssc.log
             ...
         init.token

	      ...	

         plugin-framework/

	      /logs	

     fortify.license

where

<app_context>	represents the application server context in which Fortify Software Security Center is deployed. For details, see Automating Fortify Software Security Center Configuration.
log4j2.xml	is the default log configuration. Although you can change this configuration manually, Fortify strongly recommends that you use the log4j2 configuration override feature instead (see Customizing Fortify Software Security Center Logging ).
init.token	represents a new security token that is generated each time the Setup wizard is loaded (start of server in configuration mode). The user who configures Fortify Software Security Center uses this token to access the Setup wizard at the <host>:<port>/init URL.
app.properties	is a file that contains the application properties that the customer can configure.
datasource.properties	is a file that contains the database connection properties.
version.properties	is a file that stores information about current and previous versions of Fortify Software Security Center for application upgrade purposes.
secret.key	is an encryption key file used to encrypt and decrypt sensitive configuration information in Fortify Software Security Center. (Fortify Software Security Center never overwrites this file. However, the file is generated if it is missing from the <fortify.home>/<app_context>/conf directory.) The datasource.properties file and some database fields contain encrypted entries that rely on the secret.key file. If you move your Fortify Software Security Center instance from one computer to another, you must also move the secret.key file (not just your database files).
plugin-framework	is the plugin framework configuration and temporary storage (internal). Note: If you encounter a problem with a plugin, you can usually find more detailed information about it in plugin-framework/logs than you can in main Fortify Software Security Center logs.
fortify.license	is the license file for Fortify Software Security Center.