📙 You will learn
How to generate a Fortify Audit Workbench report and upload it to ThreadFix.
Prerequisites
Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A
Generate Results
After launching Audit Workbench, select Scan Java Project...
Select the directory containing the Java Project to be scanned and click OK.
Select the version of Java the project uses and click OK.
Select the appropriate options for the project (the defaults work for a majority of projects) and select Scan.
After the scan has finished, from the File menu select Save Project As... and save the results to the desired directory.
Filter Set
To see all vulnerabilities within Audit Workbench before uploading them to ThreadFix, go to Tools > Project Configuration > Filter sets and make “Security auditor view” the default filter set before saving.
Upload Results
After generating a report, log in to ThreadFix and navigate to the Portfolio page, found on the Navigation sidebar under the Application sub-menu.
Expand the Team the report will be uploaded to.
After picking one of the Team's applications, select Upload Scan and drag the report into the pane.
Once ThreadFix finishes processing the report, the results can be viewed on the individual application's page.
Finding Status Processing
The following list indicates how finding statuses from Fortify are marked within ThreadFix when ingesting a scan:
Not an issue or Suppressed - False Positive
Exploitable or Need more information - Open
Hidden - not ingested into ThreadFix