Configuring Fortify

It is possible to incorporate Fortify results in the TICS output for files.


For a successful Fortify integration, the following prerequisites must be met:

Basic configuration

All Fortify properties can be specified globally in SERVER.txt or on a project-specific level in PROJECTS.txt. If the properties are declared in SERVER.txt as well as PROJECTS.txt, the project-specific properties will overwrite the global properties.


The following properties have to be declared either on SERVER or PROJECT level:

'TOOLS' => {
  'Fortify' => {
    'SERVER' => 'URL to the Fortify Software Security Center, e.g.:',
    'TOKEN' => 'Authentication token for the Fortify Software Security Center API',
    ['TIMEOUT' => The time an API call may take (in seconds) before it is aborted],
    'PROJECT' => 'Project name in Fortify',
    ['VERSION' => 'Project version name in Fortify'],
Note that the VERSION property is optional. When no version is specified, the version with the most recent metric evaluation date for which analysis results are available will be used.

Obtaining an authentication token

In order to access the Fortify API, TICS needs an authentication token. These tokens can be generated via the Fortify Security Center web interface on the Token Management page under the Users section from the Administration pages.

The Token Management page in the Fortify Security Center.

Clicking the NEW button in the top-right corner allows one to generate a new token. This should ideally be a UnifiedLoginToken. Alternatively, a CIToken can be used.

The New Token page in the Fortify Security Center.

For usage with TICS, be sure to use the encoded token!