{"id":7246,"library":"fortifyapi","title":"Fortify Software Security Center (SSC) RESTFul API Python Client","description":"fortifyapi is a Python library designed to interact with the Fortify Software Security Center (SSC) RESTful API. It provides a programmatic interface to manage applications, versions, issues, and other SSC entities. The library is currently in Beta status (Development Status :: 4 - Beta) and is actively maintained, with the latest release being 3.1.25. While primarily a wrapper for the SSC API, users should be aware of underlying SSC API changes and deprecations that can affect its usage.","status":"active","version":"3.1.25","language":"en","source_language":"en","source_url":"https://github.com/fortifyadmin/fortifyapi","tags":["fortify","security","ssc","api-client","devsecops"],"install":[{"cmd":"pip install fortifyapi","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Used for making HTTP requests to the Fortify SSC API.","package":"requests","optional":false}],"imports":[{"note":"The primary API client class is within the 'fortify' submodule.","wrong":"import fortifyapi","symbol":"FortifyApi","correct":"from fortifyapi.fortify import FortifyApi"}],"quickstart":{"code":"import os\nfrom fortifyapi.fortify import FortifyApi\n\n# Set environment variables for connection\nFORTIFY_SSC_HOST = os.environ.get('FORTIFY_SSC_HOST', 'https://localhost:8443/ssc')\nFORTIFY_SSC_USER = os.environ.get('FORTIFY_SSC_USER', 'your_ssc_username')\nFORTIFY_SSC_PASSWORD = os.environ.get('FORTIFY_SSC_PASSWORD', 'your_ssc_password')\n\ndef get_ssc_token():\n    \"\"\"Authenticates with SSC and retrieves an API token.\"\"\"\n    # Bypass SSL verification if you have issues with self-signed certs (NOT recommended for production)\n    ssc_client = FortifyApi(host=FORTIFY_SSC_HOST, username=FORTIFY_SSC_USER, \n                            password=FORTIFY_SSC_PASSWORD, verify_ssl=False)\n    response = ssc_client.get_token(description='fortifyapi_client_token')\n    if response.data and 'data' in response.data and 'token' in response.data['data']:\n        return response.data['data']['token']\n    raise Exception(\"Failed to retrieve Fortify SSC API token.\")\n\ndef list_project_versions():\n    \"\"\"Lists all project versions in Fortify SSC.\"\"\"\n    try:\n        token = get_ssc_token()\n        ssc_client = FortifyApi(host=FORTIFY_SSC_HOST, token=token, verify_ssl=False)\n        response = ssc_client.get_all_project_versions()\n        if response.data and 'data' in response.data:\n            print(\"Fortify SSC Project Versions:\")\n            for version in response.data['data']:\n                print(f\"  ID: {version['id']}, Project: {version['project']['name']}, Version: {version['name']}\")\n        else:\n            print(\"No project versions found or API response was empty.\")\n    except Exception as e:\n        print(f\"An error occurred: {e}\")\n\nif __name__ == '__main__':\n    # Make sure to set FORTIFY_SSC_HOST, FORTIFY_SSC_USER, FORTIFY_SSC_PASSWORD\n    # environment variables or replace placeholders for actual usage.\n    list_project_versions()","lang":"python","description":"This quickstart demonstrates how to authenticate with Fortify SSC using username/password to obtain an API token, then use that token to list all available project versions. Remember to configure your Fortify SSC host, username, and password, preferably via environment variables, and handle SSL verification appropriately for your environment."},"warnings":[{"fix":"Upgrade your `fortifyapi` library to the latest version and update your code to use the newer SSC API endpoints, such as `/api/v1/tokens` for authentication. Consult Fortify SSC release notes for API migration guides.","message":"Fortify SSC (the backend API) has deprecated and removed several API endpoints. Notably, `/api/v1/auth/token` was replaced by `/api/v1/tokens` and the SOAP API is deprecated. Using older `fortifyapi` versions with newer SSC instances, or code relying on old endpoints, will break.","severity":"breaking","affected_versions":"Fortify SSC 21.2.0+"},{"fix":"Ensure your authentication mechanism (e.g., `fortifyapi`'s `username`/`password` or `token` parameters) correctly provides the `Authorization` header. If implementing custom authentication logic, explicitly set the `Authorization` header.","message":"Fortify SSC 21.2.0+ no longer explicitly announces Basic HTTP authentication on REST API endpoints via the `WWW-Authenticate` header. Clients *must* explicitly add the `Authorization` header.","severity":"gotcha","affected_versions":"Fortify SSC 21.2.0+"},{"fix":"Implement retry logic with exponential backoff for `429` responses. For bulk operations, break down large JSON payloads into smaller requests to stay within the 10 MB limit for JSON submitted to SSC.","message":"Fortify SSC API calls may be subject to rate limiting and JSON payload size limits. Exceeding these limits can result in `429 Too Many Requests` or errors for large bulk operations.","severity":"gotcha","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"For development/testing, you can disable SSL verification by passing `verify_ssl=False` to the `FortifyApi` constructor. For production, ensure your Fortify SSC instance uses a trusted certificate and that your client system has the necessary CA certificates installed and trusted.","cause":"The Python environment cannot verify the SSL certificate presented by the Fortify SSC host, often due to self-signed certificates or missing CA certificates.","error":"SSLError: CERTIFICATE_VERIFY_FAILED"},{"fix":"Change the import statement to `from fortifyapi.fortify import FortifyApi`.","cause":"Attempting to import `FortifyApi` directly from the top-level `fortifyapi` package instead of its `fortify` submodule.","error":"AttributeError: module 'fortifyapi' has no attribute 'FortifyApi'"},{"fix":"Double-check your `FORTIFY_SSC_HOST`, `FORTIFY_SSC_USER`, and `FORTIFY_SSC_PASSWORD` environment variables or credentials. Ensure the user or token has the necessary permissions in Fortify SSC for the operations being attempted.","cause":"Incorrect username/password, expired/invalid API token, or insufficient permissions for the user/token used to connect to Fortify SSC.","error":"API response indicates 401 Unauthorized or 'Failed to retrieve Fortify SSC API token.'"},{"fix":"Verify the exact API endpoint path against your Fortify SSC version's API documentation. If using an older `fortifyapi` version, check for changes in the SSC API that might require updating your code and the library.","cause":"The requested API endpoint does not exist, the URL path is incorrect, or the endpoint has been deprecated/removed in the version of Fortify SSC being targeted.","error":"Error 404 Not Found when accessing an API endpoint."}]}