Integration of IQ Webhook with Fortify SSC Sync Service

Turn "off" Fortify SSC Sync Service and Update Continuous Configuration

Turn off the synchronization service and set the synchronize.projects.continously property in the iqapplication.properties file to false. This will turn off polling and free system resources to process webhook events.

NOTE: It is possible for the sync service to poll as well as process webhook events, provided that the cron jobs are scheduled infrequently and there are fewer webhook events.

Turn "on" Fortify Sync Service and Configure IQ Webhook Event.

1. Turn on the synchronization service.

2. Login to Lifecycle as an admin user or a user with system configuration permissions.

3. Navigate to the WebHooks configuration in the System Preferences menu.

   

4. Click on Add a Webhook button.

   

5. On the Webhook Details page, set the Website URL field to point to the address of the Fortify SSC synchronization service with the endpoint set to /iqWebhook

   E.g. http://<sync-service-address>:<sync-service-port>/iqWebhook

   For Event Types, check the Application Evaluation checkbox and click on the Create button.

   

Test the Webhook Integration

If the WebhooK has been created successfully, you should now be able to evaluate the applications that exist in your mapping file and confirm that they are being sent to the synchronization service.

1. Select an evaluation report stage for an application that exists in your mapping file on the Lifecycle Reports page.

   

2. Click on the Re-Evaluate Report button.

   

   On completion of the re-evaluation, a webhook event will be pushed to the synchronization service.

3. Check the synchronization service log or console output to confirm that the webhook event was received and processed.