Visitor..
Visitor..
139 views

How to suppress low category issues in Webinspect before exporting into SSC dashboard

I would like to know how i can suppress low category issues in the Webinspect tool before Exporting the report into SSC.

Scenario: My application has around 16000 vulnerabilities in the Low category, i don't want to upload these low ones in the FPR file while exporting the issues to SSC (File-> Export-> scan to software security center).

 

Thanks in advance.

0 Likes
1 Reply
Highlighted
Super Contributor.. Super Contributor..
Super Contributor..

Re: How to suppress low category issues in Webinspect before exporting into SSC dashboard

Sudheer,

One way you could do this would be via an issue template in Fortify SSC portal. The benefit being that the LOW findings would still be there, but just hidden.

From the SSC documentation page 185.

https://www.microfocus.com/documentation/fortify-software-security-center/1810/SSC_Guide_18.10.pdf

About Issue Templates
Applications are defined by issue templates, which determine how Fortify Software Security Center configures and prioritizes the issues uncovered in your application source code. An issue template contains the following settings:

  • Folder filters—Controls how issues are sorted into the folders
  • Visibility filters—Controls which issues are shown and hidden
  • Folder properties—Name, color, and which filter set it is active in
  • Custom tags—Specifies which audit fields are displayed and the values for each

Fortify Software Security Center comes with pre-designed issue templates that you can either use as they are, or modify (from Fortify Audit Workbench) to suit your application needs.


To see descriptions of these out-of-the-box issue templates:
1. On the Fortify header, select ADMINISTRATION.
2. In the left panel, select Templates, and then select Issue.

The Issue page lists the issue templates and their descriptions.

You can import a Fortify Software Security Center issue template into Fortify Audit Workbench, modify it, save it with a new name, and then import it into Fortify Software Security Center. You can also create a new issue template from scratch in Fortify Audit Workbench.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.