Ensign

Export all Vulnerability Definitions and Summaries?

We create a separate report for our customers in the form of a Word document that we use for tracking fixes between us and our customers (they document how they have fixed something, we review it, send it back with our comment, etc.; it's a working document). SmartUpdate, rightfully so, is always updating the vulnerability summaries and classifications as new definitions evolve. My question is, is there a way to export/dump out ALL the Vulnerability Definitions and Summaries to text?

Example of one; we want all so we can format our working documents accordingly as opposed to piecemeal:

Summary: Privacy Violation: Autocomplete
Vulnerability ID: 5597
CWE ID: 200
Kingdom: Security Features
Most recent browsers have features that will save form field content entered by users and then automatically complete form entry the next time the fields are encountered. This feature is enabled by default and could leak sensitive information since it is stored on the hard drive of the user. The risk of this issue is greatly increased if users are accessing the application from a shared environment. Recommendations include setting autocomplete to "off" on all your forms.


1 Reply
Micro Focus Expert

Have you looked into the Export > Scan Details option to output "Full" results (XML)? This outputs all the scan's findings, plus all of the Remediation Details. Once you identify the relevant tags, you should be able to write a transformation that pulls the selected fields from that XML to your definitions document.

-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
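
One way to write the transformation suggested in the reply, as an added example that is not part of the original thread or any vendor tooling. The element names (`Issue`, `Name`, `VulnerabilityID`, `CWE`, `Kingdom`, `Summary`) are assumptions standing in for whatever tags the real "Full" XML export uses, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# ASSUMED tag names: replace with the ones found in your own "Full" XML export.
FINDING_TAG = "Issue"
FIELDS = {                      # output label -> assumed child element
    "Summary": "Name",
    "Vulnerability ID": "VulnerabilityID",
    "CWE ID": "CWE",
    "Kingdom": "Kingdom",
}
TEXT_TAG = "Summary"            # assumed element holding the description paragraph

# Constructed sample input, not real scanner output.
SAMPLE_XML = """<Scan>
  <Issue><Name>Privacy Violation: Autocomplete</Name><VulnerabilityID>5597</VulnerabilityID>
    <CWE>200</CWE><Kingdom>Security Features</Kingdom>
    <Summary>Most recent browsers   save form field content.</Summary></Issue>
  <Issue><Name>Privacy Violation: Autocomplete</Name><VulnerabilityID>5597</VulnerabilityID>
    <CWE>200</CWE><Kingdom>Security Features</Kingdom>
    <Summary>Most recent browsers save form field content.</Summary></Issue>
  <Issue><Name>Constructed Check</Name><VulnerabilityID>99999</VulnerabilityID>
    <Kingdom>Environment</Kingdom><Summary>Placeholder text.</Summary></Issue>
</Scan>"""

def _text(node, tag):
    # Child element text with whitespace collapsed; '' when the tag is absent.
    return " ".join((node.findtext(tag) or "").split())

def extract_definitions(xml_text):
    """Return one record per distinct vulnerability ID, in first-seen order."""
    seen = {}
    for finding in ET.fromstring(xml_text).iter(FINDING_TAG):
        record = {label: _text(finding, tag) for label, tag in FIELDS.items()}
        record["Description"] = _text(finding, TEXT_TAG)
        key = record["Vulnerability ID"]
        if key and key not in seen:  # the same check can fire on many pages
            seen[key] = record
    return list(seen.values())

def render(records):
    """Format records in the layout used in the question's example."""
    blocks = []
    for r in records:
        lines = [f"{label}: {r[label] or 'n/a'}" for label in FIELDS]
        lines.append(r["Description"])
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)

if __name__ == "__main__":
    print(render(extract_definitions(SAMPLE_XML)))
```

Because the input is a scan export, the output covers only the checks that produced findings in that scan.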