We're looking at how we can reincorporate comments/tagging analysis performed in previous scans without having to store away the entire previous FPR file. It appears that this is stored in a simple xml "audit.xml" within the .FPR. The tooling doesn't seem to provide any way of utilizing this analysis in subsequent scans, short of a full "merge", which requires retaining the entire previous .FPR file. Ideally, we'd like our developers to comment on issues, save audit.xml as permanent artifact in the project (allowing for diff-merges), then reincorporate the audit results in subsequent scans.
It seems like it would be straightforward enough to replace the empty audit.xml in a new scan with the previous result. This might have been unanticipated by the developers of the solution, however, and I wanted to get some feedback from HP before attempting to proceed with such a strategy. Ideally, -merge should be able to accept just audit results, with a complimentary function to export audit results. Is there a way to formally suggest an enhancement request?