Export all Vulnerability Definitions and Summaries?
We create a separate report for our customers in the form of a Word document that we use for tracking fixes between us and our customers (they document how they have fixed something, we review it, send it back with our comment, etc.; it's a working document). SmartUpdate, rightfully so, is always updating the vulnerability summaries and classifications as new definitions evolve. My question is, is there a way to export/dump out ALL the Vulnerability Definitions and Summaries to text?
Example of one; we want all so we can format our working documents accordingly as opposed to piecemeal:
Summary: Privacy Violation: Autocomplete
Vulnerability ID: 5597
CWE ID: 200
Kingdom: Security Features
Most recent browsers have features that will save form field content entered by users and then automatically complete form entry the next time the fields are encountered. This feature is enabled by default and could leak sensitive information since it is stored on the hard drive of the user. The risk of this issue is greatly increased if users are accessing the application from a shared environment. Recommendations include setting autocomplete to "off" on all your forms.
Re: Export all Vulnerability Definitions and Summaries?
Have you looked into the Export > Scan Details option to output "Full" results (XML)? This outputs all the scan's findings, plus all of the Remediation Details. Once you identify the relevant tags, you should be able to write a transformation that pulls the selected fields from that XML to your definitions document.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
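
The transformation suggested in the reply could look like the following. This is an added example, not part of the original thread and not the product's own code. The element names (`Issue`, `VulnID`, `Name`, `CWE`, `Kingdom`, `Summary`) and the sample XML are constructed placeholders to be replaced with the tags found in a real "Full" export; the output covers only the checks present in that export, collapsed to one entry per vulnerability ID.

```python
import xml.etree.ElementTree as ET

# Constructed sample standing in for a "Full" scan export. Element names are
# placeholders (assumptions), not the product's real schema.
SAMPLE_XML = """<Scan>
  <Issue><VulnID>5597</VulnID><Name>Privacy Violation: Autocomplete</Name>
    <CWE>200</CWE><Kingdom>Security Features</Kingdom>
    <Summary>Browsers may save
      form field content.</Summary><URL>https://app.example/login</URL></Issue>
  <Issue><VulnID>5597</VulnID><Name>Privacy Violation: Autocomplete</Name>
    <CWE>200</CWE><Kingdom>Security Features</Kingdom>
    <Summary>Browsers may save form field content.</Summary><URL>https://app.example/register</URL></Issue>
  <Issue><VulnID>9001</VulnID><Name>Constructed Finding</Name>
    <Kingdom>Environment</Kingdom><Summary>Placeholder text.</Summary></Issue>
</Scan>"""

# Output label -> element name (hypothetical). Edit after inspecting a real export.
FIELDS = [("Summary", "Name"), ("Vulnerability ID", "VulnID"),
          ("CWE ID", "CWE"), ("Kingdom", "Kingdom")]
ISSUE_TAG, ID_TAG, TEXT_TAG = "Issue", "VulnID", "Summary"

def extract_definitions(xml_text):
    """Return one dict per distinct vulnerability ID, in first-seen order."""
    root = ET.fromstring(xml_text)
    seen = {}
    for issue in root.iter(ISSUE_TAG):
        vid = (issue.findtext(ID_TAG) or "").strip()
        if not vid or vid in seen:
            continue  # skip records without an ID and repeat findings of one check
        rec = {label: (issue.findtext(tag) or "n/a").strip() for label, tag in FIELDS}
        # Collapse line breaks and indentation inside the description text.
        rec["Description"] = " ".join((issue.findtext(TEXT_TAG) or "").split())
        seen[vid] = rec
    return list(seen.values())

def render(defs):
    """Format each definition in the layout of the example in the question."""
    blocks = []
    for d in defs:
        lines = [f"{label}: {d[label]}" for label, _ in FIELDS]
        lines.append(d["Description"])
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)

if __name__ == "__main__":
    print(render(extract_definitions(SAMPLE_XML)))
```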