How to suppress low category issues in Webinspect before exporting into SSC dashboard

I would like to know how i can suppress low category issues in the Webinspect tool before Exporting the report into SSC.

Scenario: My application has around 16000 vulnerabilities in the Low category, i don't want to upload these low ones in the FPR file while exporting the issues to SSC (File-> Export-> scan to software security center).


Thanks in advance.

  • Sudheer,

    One way you could do this would be via an issue template in Fortify SSC portal. The benefit being that the LOW findings would still be there, but just hidden.

    From the SSC documentation page 185.

    About Issue Templates
    Applications are defined by issue templates, which determine how Fortify Software Security Center configures and prioritizes the issues uncovered in your application source code. An issue template contains the following settings:

    • Folder filters—Controls how issues are sorted into the folders
    • Visibility filters—Controls which issues are shown and hidden
    • Folder properties—Name, color, and which filter set it is active in
    • Custom tags—Specifies which audit fields are displayed and the values for each

    Fortify Software Security Center comes with pre-designed issue templates that you can either use as they are, or modify (from Fortify Audit Workbench) to suit your application needs.

    To see descriptions of these out-of-the-box issue templates:
    1. On the Fortify header, select ADMINISTRATION.
    2. In the left panel, select Templates, and then select Issue.

    The Issue page lists the issue templates and their descriptions.

    You can import a Fortify Software Security Center issue template into Fortify Audit Workbench, modify it, save it with a new name, and then import it into Fortify Software Security Center. You can also create a new issue template from scratch in Fortify Audit Workbench.