HP Fortify manual rule pack update

With the Fortify products, HP has acquired a great suite of security tools for static code analysis (“Fortify SCA”). HP’s security product line-up also includes other tools, for instance for runtime analysis (“Fortify Runtime”, which analyzes code while it is in production) or HP WebInspect for automated black box security testing.

The Fortify SCA products include tools like the “Audit Workbench” that are available to developers, but also server products that are more suitable for a continuous integration environment.

I discussed the Audit Workbench with a couple of developers today, and, during the walkthrough, came across the auto-update feature. Fortify regularly provides updates to the rule packs, and so makes new scan capabilities available to the users. The update is automated (the default is to check for updates every 15 days, see “Options” -> “Options” menu), but sometimes one wants to trigger the update manually.

It took us a couple of minutes to find it in the documentation, but a look in the bin directory of the installation quickly helped: one can either use rulepackupdate or fortifyupdate to trigger the manual update. While rulepackupdate still works in the current release, it is deprecated and replaced by the new fortifyupdate.

If you are connecting to the Internet through a proxy server, the settings for configuring the proxy hostname and port are in the “Options” -> “Options” menu, under “Server Configuration”.