
📙 You will learn

How to generate a Fortify Audit Workbench report and upload it to ThreadFix.

Prerequisites

Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A

Generate Results

  1. After launching Audit Workbench, select Scan Java Project...
  2. Select the directory containing the Java Project to be scanned and click OK.
  3. Select the version of Java the project uses and click OK.
  4. Select the appropriate options for the project (the defaults work for a majority of projects) and select Scan.
  5. After the scan has finished, from the File menu select Save Project As... and save the results to the desired directory.

Filter Set

To see all vulnerabilities within Audit Workbench before uploading them to ThreadFix, go to Tools > Project Configuration > Filter sets and make “Security auditor view” the default filter set before saving.

Upload Results

  1. After generating a report, log in to ThreadFix and navigate to the Portfolio page, found on the Navigation sidebar under the Application sub-menu.
  2. Expand the Team the report will be uploaded to.
  3. After picking one of the Team's applications, select Upload Scan and drag the report into the pane.
  4. Once ThreadFix finishes processing the report, the results can be viewed on the individual application's page.

Finding Status Processing

The following list indicates how finding statuses from Fortify are marked within ThreadFix when ingesting a scan:

  • Not an issue or Suppressed - False Positive
  • Exploitable or Need more information - Open
  • Hidden - not ingested into ThreadFix
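The status list above is easy to misread in practice: findings hidden by the active Audit Workbench filter set never reach ThreadFix at all, which is why the Filter Set note recommends the Security Auditor View before saving. The following added example (not part of the ThreadFix documentation or the Fortify product) applies the documented mapping to a set of findings so a reviewer can preview what ThreadFix will show and how many findings will be dropped. The `Finding` record, its `analysis` and `hidden` fields, and the sample findings are constructed for illustration and are not the real FPR schema.

```python
"""Pre-upload preview of how ThreadFix will ingest Fortify finding statuses.

Added example; the Finding record and sample data are constructed, not Fortify's format.
"""
from collections import Counter
from dataclasses import dataclass

# Documented mapping of Fortify audit statuses to ThreadFix finding states.
FORTIFY_TO_THREADFIX = {
    "Not an issue": "False Positive",
    "Suppressed": "False Positive",
    "Exploitable": "Open",
    "Need more information": "Open",
}


@dataclass(frozen=True)
class Finding:
    instance_id: str     # constructed identifier, not a Fortify InstanceID
    category: str
    analysis: str        # Fortify analysis tag as set by the auditor
    hidden: bool = False  # True if the active filter set hides the finding


def threadfix_status(finding):
    """Return the ThreadFix status for a finding.

    None means ThreadFix will not ingest it (hidden). A status the page does
    not define a mapping for is reported as 'unmapped' rather than guessed.
    """
    if finding.hidden:
        return None
    return FORTIFY_TO_THREADFIX.get(finding.analysis, "unmapped")


def preview_ingestion(findings):
    """Summarise what ThreadFix will show after ingesting these findings."""
    counts = Counter()
    dropped = []    # hidden findings that will silently not be uploaded
    unmapped = []   # analysis tags the documented list does not cover
    for f in findings:
        status = threadfix_status(f)
        if status is None:
            dropped.append(f.instance_id)
        elif status == "unmapped":
            unmapped.append(f.instance_id)
        else:
            counts[status] += 1
    return {
        "open": counts["Open"],
        "false_positive": counts["False Positive"],
        "dropped": dropped,
        "unmapped": unmapped,
    }


# Constructed sample findings for demonstration only.
SAMPLE_FINDINGS = [
    Finding("F-001", "SQL Injection", "Exploitable"),
    Finding("F-002", "Cross-Site Scripting", "Need more information"),
    Finding("F-003", "Dead Code", "Not an issue"),
    Finding("F-004", "Path Manipulation", "Suppressed"),
    Finding("F-005", "Password Management", "Exploitable", hidden=True),
]

if __name__ == "__main__":
    summary = preview_ingestion(SAMPLE_FINDINGS)
    print(summary)
    if summary["dropped"]:
        print("Hidden findings will not reach ThreadFix; "
              "switch the filter set to Security Auditor View before saving.")
```

Run it against a list of findings exported from the audit and compare the `open` and `false_positive` counts with what ThreadFix shows on the application page after upload; a non-empty `dropped` list explains any shortfall.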
