Can you roll up project static analysis reports into one big solution report?
Is this possible?
I will be interested to see if anyone else has an response, but here's my 2 cents.
You can run Portfolio reports on multiple projects but I have never found them to be incredibly useful. Depending on what you want to display, the Issue Trending is the most useful in my opinion.
You can also create custom reports using BIRT. I find this to be a lot of effort to create simple reports so I was initially just writing SQL Queries. I currently use Tableau to display things like total Critial, High, Medium findings for all active projects, and I have another report which shows total Individual issues for a given project which we send to developers. It just lists project, project version, friority, issue type, issue subtype, short filename, and line number.
I will also be working on reports for Vulnerability vs LOC metrics as well as Scan Warnings reports. If you have access to Tableau let me know and I can share some things with you. If you want the Initial SQL queries let me know as well.
If you're like me and want to see metrics across your entire portfolio I have not found an effective way to get this level of data from SSC.