This guide is for OpenText Application Security, an OpenText on-premise product. If you are looking to configure an integration using the OpenText SaaS product, OpenText Core Application Security, use the OpenText Core Application Security Provider Configuration Guide instead.
OpenText Application Security (formerly Fortify Software Security Center) is an on-premise application security product offered by OpenText. This guide walks you through the steps to gather the necessary information and configure your OpenText Application Security tenant for the purpose of creating an integration with Synqly's Application Security connector.
Before you begin, ensure that you have:
- Access to the OpenText Application Security web interface
- Access to a user account with the Administrator role
| Operation | OpenText Application Security API Token Permissions |
|---|---|
| Query Applications | View application versions |
| Query Application Findings | View application versions |
| Query findings across all applications | View application versions |
| Get Application Finding Details | View application versions |
- Log into the OpenText Application Security web interface using an account with the Administrator role
- Select Administration
- Select Users > Token Management
- Select New
- Select the CIToken type, set a token expiration date, and fill in the token description field
- Note: the CIToken type has full permissions for any action using the OpenText Application Security API. If you would like to restrict the tokens permissions create a new user role that includes the required permissions, create a new user with this role, and use this user to create a AutomationToken instead. The required API token permissions can be found above in the section titled Required API Token Permissions.
- Select Save
- Take note of the encoded token value and store it in a safe location.
- You have now created a new OpenText Application Security API Token, proceed to the next section titled Configuring the Integration
| Integration Parameter | Description |
|---|---|
| Secret | This is the encoded token value generated from executing the steps above |
| Base Url | This is the URL used to access the OpenText Application Security web interface. Example: https://opentext.example.com/ssc |
| Bridge Selector | This is a Synqly Bridge Agent that you are running locally on-premise. This field is only needed if the Base Url is not accessible publicly. For more information on Synqly Bridge Agents see the Synqly Bridge Agent Docs |