Highlighted
Trusted Contributor.. Trusted Contributor..
Trusted Contributor..
184 views

Is there a way to view the scan results (AUDIT) by scan artefact date?

Currently, the AUDIT page only shows the latest scan results uploaded.

We have users who want  to see a scan result of a specific fpr upload to compare the differences between scan uploads? Will this be a potential future feature?

0 Likes
5 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Is there a way to view the scan results (AUDIT) by scan artefact date?

The way to do that currently would be to download the FPR file from the artifact view in SSC.

Is this something which you see as a common workflow, as I would expect people are mainly interested in the last scan result as this is showing the most recent issues.

 

0 Likes
Highlighted
Trusted Contributor.. Trusted Contributor..
Trusted Contributor..

Re: Is there a way to view the scan results (AUDIT) by scan artefact date?

The users in our organization does not have access to the AuditWorkBench tool as it requires the license file, they do the scanning by going through a CICD pipeline which contains a shared agent that has the sourceanalyzer installed.

As a result they could only open up the fpr files online at Fortify SSC. As of now, we are requesting the users to generate a report each time they scan such that they have to compare between BIRT reports.

This is a commonly asked question within our organization to check results of previous scans.
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Is there a way to view the scan results (AUDIT) by scan artefact date?

Thanks

I see the point of Audit Workbench

The reason I am asking these question are that the previous scan results might be obsolete really, right? They might not exist anymore in the code as the code has further developed?

Or are we looking at different branches here?

They should probably be moved into different application versions - would that help?

0 Likes
Highlighted
Trusted Contributor.. Trusted Contributor..
Trusted Contributor..

Re: Is there a way to view the scan results (AUDIT) by scan artefact date?

I understand your answer and will reflect these to the end users.

As these end users are only having roles to upload analysis, they are not able to create new versions on the go and have to go through a formal support request process.

As mentioned by you, the different application versions would work in this case. May I check if whether application versions occupy any extra license applications count?
0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Is there a way to view the scan results (AUDIT) by scan artefact date?

For the branches - it probably makes sense to have an Applicaiton Version per branch

For the licensing this is a bit dependent on your licensing model you are using

I will send you a private message so we can continue via email

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.