Using Audit Workbench, how can I copy or print the list of suspect files?

A Fortify Audit Workbench scan of a folder just produced a list of over 100 files with security issues. I need to notify the developers, but the list is too long to type. The screen list cannot be copied and pasted, nor saved as a PDF, and the AWB Report does not even have the list.

How can I make an editable/copyable/pasteable list of these suspect files?

  • Select all of the issues with Ctrl+A and then bulk copy with Ctrl+Alt+Shift+C.

    You can customize the format and data that is bulk copied. This is documented in the AWB guide in the section "Creating Attribute Summary Tables for Multiple Issues".

    In summary:

    • open the FPR
    • select the proper filterset
    • switch to the all issues tab
    • select Group By <none>
    • Depending on what you're looking for, you might want to toggle "Options -> Collapse Issues" off
    • Specify a custom format for the issue copy attributes function in: Options -> Options... -> Audit Features Configurations -> Format manually
      • Enter Java formatter syntax: http://docs.oracle.com/javase/6/docs/api/java/util/Formatter.html
      • Using Ctrl+Alt+Shift+F will show you all of the possible attributes and what their column number would be. For example, if you wanted just "File Category CWE" you could enter [v]$1s $2s $3s %n
      • [v] to display each issue in its own row (instead of a column), $1 – output the 19th property first, $2 – output the 10th property second, $3 – output the 17th property third. You can create more complex expressions if you need to
      • The output would look like: JavaSource/org/owasp/webgoat/lessons/admin/ReportCardScreen.java Cross-Site Scripting: Reflected "CWE ID 79, CWE ID 80"