Bitbucket Pipelines Fortify Pipe: “Error getting Controller URL from SSC” despite SCANCENTRAL_CONTRO

Hi Bitbucket Community,

I'm trying to integrate Fortify SAST scanning into my Bitbucket Pipelines using the official pipe fortifysoftware/fortify-scan:5.5.0-jdk-17. The pipeline succeeds in building the project and packaging the scan, but fails when trying to start the ScanCentral scan.

My Environment

• Runner: Self-hosted Linux runner with Docker enabled

• Fortify SSC Server: Windows, accessible at https://10.0.60.41:8443/ssc

• Scan Central Controller: Windows, accessible at http://10.0.60.54:8080/scancentral-ctrl

• Bitbucket Pipeline Image: fortifysoftware/fortify-scan:5.5.0-jdk-17

• Bitbucket pipeline variables include:

  • SSC_URL

  • SSC_CI_TOKEN

  • SSC_VERSION_ID

  • SCANCENTRAL_AUTH_TOKEN

  • SCANCENTRAL_CONTROLLER_URL
    The issue 
    INFO: Starting ScanCentral SAST scan
    launcher.log will be stored in "/root/.fortify/scancentral-24.2.0/log" directory.
    Getting controller URL from SSC...
    Update failed.
    Standalone ScanCentral client cannot be started without a successful update check.
    Error getting Controller URL from SSC.
    INFO: Skipping SSC vulnerability data export