Hello,
We have updated from Fortify 22.1.1 to Fortify 24.2.0 and have noticed certain findings are no longer present. These findings have included "Poor Style: Variable Never Used" for Java and C++ scans, and “Poor Style: Empty Synchronized Block” for Java scans.
The code snippets we've used to test for these findings are as follows:
For C++ and Java:
if (false) { int i = 0; }
and for Java:
synchronized(this) { }
We have seen these findings present in 22.1.1, but when we upgraded to 24.2.0 they are no longer found. Is there a setting we have to enable inside the Audit Workbench to show these findings? Or in Fortify 24.2.0 were these findings removed?
Thank you in advance!