To shorten the time spent handling Fortify scanning, I am trying to write an automated batch script. Now I am having some trouble filtering the issues in the scan result (*.fpr).
The command I tried is:
sourceanalyzer -b %FileName% -scan -filter filter.txt -format fpr -f "D:\%~2%FileName%.fpr" -logfile "%FileName%3.log"
And the content of filter.txt is:
Insecure SSL: Server Identity Verification Disabled
JSON Injection
In the UI (Fortify Audit Workbench), you can export the filter (*.xml; I found that the name for "filter" there is "Issue Templates"), and you can try the following format to filter the JSON Injection issues in Critical priority order:
<Filter>
<actionParam>true</actionParam>
<query>[category]:"JSON Injection" AND [fortify priority order]:"Critical"</query>
<action>hide</action>
</Filter>
But it can't be used on the command line... QQ
I also tried FPRUtility.bat, BIRTReportGenerator.cmd, and ReportGenerator.bat, but the filter couldn't be customized. Does anyone have some advice?