Absent Member.

In repeat scans, Fortify reported new issues in files which have not changed

A Fortify scan reported some issues in files which have not changed since March (for 6 months now).

Previous scans were not showing these issues.

I do not understand why we are seeing those issues now in recent scans.

Absent Member.

I'm having the same problem. I made three different scans on exactly the same file and got three different results.
Did you solve this?

Absent Member.

No solution yet.

I want to investigate the possibilities below:

- One possibility is that some errors/exceptions on these files prematurely aborted the scans, which have finished fine in the recent scan. The scan logs might come in handy to reveal more.

- The second possibility is that issues are often related to more than one file. A code change in file A can lead to new issues in unchanged file B, if the code path connects files A and B.


Do you think any of the above happened in your case?


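The second possibility in the reply above, shown as an added example that is not part of any post in this thread and is not Fortify's own analysis: a toy interprocedural taint check in which only `A.java` changes between two scans, yet the new finding is attributed to the sink in the unchanged `B.java`. The program model, function names and file names are hypothetical.

```python
# Constructed toy program model; this is NOT Fortify's internal representation.
# Each function has the file it lives in and a list of statements:
#   ("source", v)   v receives untrusted input
#   ("const", v)    v receives a fixed value
#   ("call", f, v)  call f, passing v as its single parameter "arg"
#   ("sink", v)     v reaches a sensitive operation (e.g. a query string)

# B.java is byte-for-byte the same in both scans.
B_RENDER = {"file": "B.java", "body": [("sink", "arg")]}

def program(a_body):
    """Build a two-file program; only the body of A.handle varies."""
    return {"A.handle": {"file": "A.java", "body": a_body}, "B.render": B_RENDER}

SCAN_1 = program([("const", "name"), ("call", "B.render", "name")])   # before
SCAN_2 = program([("source", "name"), ("call", "B.render", "name")])  # A changed

def analyze(prog, entry="A.handle"):
    """Return {(file, function)} for every sink reached by tainted data."""
    findings, seen = set(), set()
    work = [(entry, False)]              # (function, is its parameter tainted?)
    while work:
        fn, arg_tainted = work.pop()
        if (fn, arg_tainted) in seen:    # each calling context analysed once
            continue
        seen.add((fn, arg_tainted))
        tainted = {"arg"} if arg_tainted else set()
        for stmt in prog[fn]["body"]:
            op = stmt[0]
            if op == "source":
                tainted.add(stmt[1])
            elif op == "const":
                tainted.discard(stmt[1])
            elif op == "call":           # taint follows the argument into the callee
                work.append((stmt[1], stmt[2] in tainted))
            elif op == "sink" and stmt[1] in tainted:
                # The issue is reported where the sink is, not where the taint began.
                findings.add((prog[fn]["file"], fn))
    return findings

def new_issues(old, new):
    """Findings present in the newer scan but absent from the older one."""
    return analyze(new) - analyze(old)

if __name__ == "__main__":
    print(new_issues(SCAN_1, SCAN_2))
```

Comparing the modification dates of the flagged files alone would miss this case; the diff that matters is over every file on the data-flow path to the sink.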
Absent Member.

Maybe the first possibility that you mentioned. I don't believe the second one may be my problem because files weren't modified.

Another thing that I noticed is that WebInspect runs into the same problem.
