If you go to the Policy Manager then to Search View and change criteria to Reference Info contains cve. That will give you what I think you are looking for. Good luck!
Hey thanks Billy I will give this a try. To do this you will have to search each Scan Policy individually correct? It would be nice to search all policies all at once wouldn't it? ;-).
My apologies. I misunderstood your question initially but now I see what you are looking for and I don't think the Policy Manager will do that. I was trying to do the same thing but for DoD STIGs and found no solution other than going through the tedious process of reviewing every single check in the policies which is not feasible for me. Good luck!
There may be a way to identify all the Policies that a check is enabled in using SQL Queries. I am not sure if the CVE numbers would be listed in alternate Columns or buried in the report fields. You would have to run this by Fortify Support (support.fortify.com) for details.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify