This add-on is operated by Hewlett Packard
Fortify on Demand is Application Security delivered in the cloud.
The Fortify on Demand add-on is currently in beta.
Table of Contents
Fortify on Demand is an add-on for evaluating the security of your Heroku-hosted website. Adding the Fortify on Demand Add-on allows you to scan your app from the outside, just as a hacker would, and determine if any vulnerabilities exist.
Provisioning the add-on
The Fortify on Demand add-on can be attached to a Heroku application via the CLI:
A list of all plans available can be found here.
$ heroku addons:create fortifyondemand -----> Adding fortifyondemand to sharp-mountain-4005... done, v18 (free)
Launching a scan
After provisioning the add-on, open the Fortify dashboard:
$ heroku addons:open fortifyondemand
And select the app domains you wish to scan. A scan request will be sent to the Fortify on Demand system and you will receive results within two (2) hours via your registered email address..
The test will be run at a low depth level and will find vulnerabilities within the OWASP Top 10 categories.
Removing the add-on
The Fortify on Demand add-on can be removed via the CLI.
This will destroy all associated data and cannot be undone!
$ heroku addons:destroy fortifyondemand -----> Removing fortifyondemand from sharp-mountain-4005... done, v20 (free)
All support for the Fortify on Demand add-on should be directed through firstname.lastname@example.org.