In my Jenkins job, FPR file is generated after running the scan on particular build of code. If I download the FPR file and open it using SCA workbench it shows me the following count : Critical-0, High-0, Medium-0 and Low-313.
But when i run the below FPR utility command on the same fpr file using Command Line I get the count as follows : Critical-2, High-7, Medium-0 and Low-314.
Below is the command that I ran -
FPRUtility -[myfprfilename].fpr -information -search -query "[fortify priority order]:critical" FPRUtility -[myfprfilename].fpr -information -search -query "[fortify priority order]:high" FPRUtility -[myfprfilename].fpr -information -search -query "[fortify priority order]:medium" FPRUtility -[myfprfilename].fpr -information -search -query "[fortify priority order]:low"
Initially I thought it is showing count of suppressed and hidden issues so in FPR file, under option I check marked show suppressed and show hidden issues, but still the count does not matched with count displayed by FPRUtility command.
I wan to know how are we getting the extra count and what can I do to remove the extra issues count?
I suspect this is a filter issue, maybe there is a default filter set on your AuditWorkbench hiding the raw issue counts.