Fortify BugTracker Utility


Micro Focus Micro Focus Community

Micro Focus | Micro Focus Community

FortifyBugTrackerUtility allows for submitting vulnerabilities from either Fortify on Demand (FoD) or Software Security Center (SSC) to various bug trackers and other external systems including ALM Octane, JIRA, Archer, and MS TFS.


The following lists the currently supported functionality:

Software Security Center

  • Submitted issue link can be stored as a native SSC bug tracker link or as an SSC custom tag value
  • Storing as a native SSC bug tracker link requires the 'Add Existing Bugs' bug tracker integration to be configured for the application version
  • Current bug tracker issue state can be stored as an SSC custom tag value
  • Application versions can be automatically mapped to bug tracker projects based on application version attributes
  • Application versions to be processed can be automatically determined based on application version attributes and other criteria

Fortify on Demand

  • Submitted issue link can be stored in the FoD bugLink field, or as vulnerability comments
  • Does not support showing additional information about the current state of submitted issues
  • FoD only supports custom attributes at application level, not release level. As such automated mapping to bug tracker projects and automated processing of releases is more limited

Please see for detailed installation, configuration, and usage information.


Fortify BugTracker Utility 3.5
Aug 13, 2018
More info Less info
Product Compatibility
Version 17.1 · 17.20
Version 18.10
Release Notes

Major update with lot's of internal refactoring, bug fixes and new and changed functionality. The sections below provide more details about the major changes from an end user perspective.Documentation & command usage:

  • A lot of documentation has been added and updated.
  • The '-help' function has been improved, providing a lot more detail about available command line options.
  • Command line options can now be specified in arbitrary order, and prefixed with either a single or double dash.
  • Most command line options can either be provided on the command line or in the configuration file.
  • The utility no longer prompts for required command line option values like URL's and credentials; you will need to explicitly provide these as command line options (on the command line or through the configuration file). If you have a need for having the utility prompt for option values, please file a feature request.


  • Configuration file format has changed significantly. If you were previously using a customized configuration file, you will need to re-do these customizations based on the new configuration files included in the distribution.
  • SSC application version/FoD application release processing has been improved and offers additional functionality.
  • The utility now allows for arbitrary data to be loaded from FoD/SSC by configuring additional REST API endpoints to be invoked, allowing users to use this data for filtering and target issue data.
  • Additional target issue data is now available for use in the configuration files, thereby increasing the possibilities for bidirectional sync.
  • Various other new or improved configuration settings.

Functionality & bug fixes:

  • The 'Add Existing Bugs' native SSC bug tracker plugin now also supports SSC 17.20+.
  • Previously the utility blindly updated target issue fields during every state management operation. This new version checks whether any target issue fields need to be updated, and only updates these fields if there have been any changes.
  • Improved error management and additional checks, for example to avoid processing vulnerabilities that have been previously submitted to a target system on a different host.
  • Bug fix for improved performance when loading vulnerability data from SSC.
Fortify BugTracker Utility 3.4
40.2 MB
Jun 6, 2018
More info Less info
Product Compatibility
Fortify Software Security Center
Version 18.10
Release Notes

Internal refactoring to use generic Fortify Client API library

  • Bug fixes and various changes
  • Build process updated to use Maven release plugin
FortifyBugTrackerUtility 3.1
Aug 29, 2017
More info Less info
Product Compatibility
Fortify on Demand
Version 0.0
Fortify Software Security Center
Version 17.1 · 17.20
Release Notes
  • Added updated documentation to distribution zip
  • Fixed bug that prevented users from specifying user name and password for native SSC bug tracker integrations
  • Added SSC 'Add Existing Bugs' native bug tracker integration

Unsubscribe from notifications

You are receiving release updates for this item because you have subscribed to the following products:
If you unsubscribe, you will no longer receive any notifications for these products.
Tip: to update your subscription preferences, go to Manage Subscriptions from your Dashboard, uncheck the products you no longer want to receive notifications for, and click 'Save'.
Your browser is not supported!

Please upgrade to one of the following broswers: Internet Explorer 11 (or greater) or the latest version of Chrome or Firefox