Fortify SSC Duplicate Findings
I would like to ask you for your help. I found out that a Fortify scan shows duplicate findings (the same 'Primary Location' of issue) in some cases. Do you know how to solve it?
Thank you in advance.
Re: Fortify SSC Duplicate Findings
From my experience this is caused by different routes the scanner took to the line of vulnerable code.
The scanner can take a different code path which ends at this location. I believe you can see the path it took by looking at the stack trace.
So even though there may be only one instance of the issue, the scan results create these 'duplicate' findings for each path it took.
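
A toy model of the behaviour described in the reply above, added here as an example; it is not code from the thread and does not reproduce Fortify's analysis or export format. The call graph, class names, and the `primary_location` / `trace` field names are constructed for illustration.

```python
from collections import defaultdict

# Constructed call graph (not from a real scan): caller -> callees.
CALL_GRAPH = {
    "LoginServlet.doPost": ["UserService.find"],
    "SearchServlet.doGet": ["UserService.find", "ReportService.build"],
    "ReportService.build": ["UserDao.query"],
    "UserService.find": ["UserDao.query"],
    "UserDao.query": [],
}
SOURCES = ["LoginServlet.doPost", "SearchServlet.doGet"]  # assumed entry points taking user input
SINK = "UserDao.query"                                    # assumed shared primary location


def paths_to_sink(graph, node, sink, prefix=()):
    """Yield every acyclic call path from node to sink (depth-first)."""
    prefix = prefix + (node,)
    if node == sink:
        yield prefix
        return
    for callee in graph.get(node, []):
        if callee not in prefix:  # skip recursion cycles
            yield from paths_to_sink(graph, callee, sink, prefix)


def findings(graph, sources, sink):
    """Emit one finding per distinct path, modelling the per-path reporting the reply describes."""
    return [{"primary_location": sink, "trace": p}
            for s in sources for p in paths_to_sink(graph, s, sink)]


def group_by_location(items):
    """Collapse findings sharing a primary location, keeping each trace for review."""
    grouped = defaultdict(list)
    for f in items:
        grouped[f["primary_location"]].append(f["trace"])
    return dict(grouped)


if __name__ == "__main__":
    for loc, traces in group_by_location(findings(CALL_GRAPH, SOURCES, SINK)).items():
        print(f"{loc}: {len(traces)} findings")
        for t in traces:
            print("   " + " -> ".join(t))
```

Grouping this way keeps every trace visible, so a reviewer can check that a fix at the shared location covers each entry point before treating the extra findings as redundant.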