📙 You will learn
How to generate a Fortify Audit Workbench report and upload it to ThreadFix.
Prerequisites
Audience: IT Professional
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A
Generate Results
After launching Audit Workbench, select Scan Java Project...
Select the directory containing the Java Project to be scanned and click OK.
Select the version of Java the project uses and click OK.
Select the appropriate options for the project (the defaults work for a majority of projects) and select Scan.
After the scan has finished, from the File menu select Save Project As... and save the results to the desired directory.
Filter Set
To see all vulnerabilities within Audit Workbench before uploading them to ThreadFix, go to Tools > Project Configuration > Filter sets and make “Security auditor view” the default filter set before saving.
Upload Results
After generating a report, log in to ThreadFix and navigate to the Portfolio page, found on the Navigation sidebar under the Application sub-menu.
Expand the Team the report will be uploaded to.
After picking one of the Team's applications, select Upload Scan and drag the report into the pane.
Once ThreadFix finishes processing the report, the results can be viewed on the individual application's page.
Finding Status Processing
The following list indicates how finding statuses from Fortify are marked within ThreadFix when ingesting a scan:
Not an issue or Suppressed - False Positive
Exploitable or Need more information - Open
Hidden - not ingested into ThreadFix