I am trying to combine the fprs from multiple different application scans. I have tried
FPRUtility -merge -project foo.fpr -source bar.fpr -f foobar.fpr
But that doesn't seem to do the trick. When I generate a report of foobar.fpr, I only see the results for one of the scans.
Any ideas?
According to Micro Focus's Fortify Audit Workbench User Guide and the Static Code Analyzer User Guide, you can only merge if your projects contain the same analysis information. Meaning the scans must be performed on the same source code, same Fortify settings, and same security content.
UPDATE
While the above is true regarding fprs, it is possible to merge scan results. You cannot merge fprs from different source code. However, you CAN merge scan results and generate an fpr based on that.
In your
/path/to/.fortify/path/to/build/
you will find a directory named after your <build_id>; that directory contains the intermediate files that Fortify generates its fpr from. You can run
sourceanalyzer -b <build_id_1> -b <build_id_2> -b <build_id_3> -scan -f combined.fpr
This will generate an fpr that contains scan results from different builds/applications.
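A shell script that carries out the procedure from this answer end to end (an added example, not code from the original post): translate each application into its own build ID, then pass every build ID to one -scan so the results land in a single FPR. The SRC_ROOT layout, the app names and the Java translation command line are assumptions; when sourceanalyzer is not on PATH the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not from the original post). Per-app translation into separate
# build IDs, followed by one combined scan, as the answer describes.
# Assumed layout: each app is a Java tree under "$SRC_ROOT/<app>/src".
set -e

SRC_ROOT="${SRC_ROOT:-/path/to/apps}"   # hypothetical checkout root
OUT_FPR="${OUT_FPR:-combined.fpr}"      # the single FPR holding every app's results

# Run a command, or only print it when DRY_RUN=1 or sourceanalyzer is absent.
run() {
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v sourceanalyzer >/dev/null 2>&1; then
        echo "+ $*"
    else
        "$@"
    fi
}

# Translate one application under its own build ID. This is what creates the
# per-build-ID directory under .fortify/ that the combined scan later reads.
translate_app() {
    app="$1"
    run sourceanalyzer -b "$app" -clean
    run sourceanalyzer -b "$app" "$SRC_ROOT/$app/src/**/*.java"
}

# Build the argument list for the combined scan: one "-b <id>" per build ID,
# then -scan and the output file. Printed so it can be checked or reused.
combined_scan_args() {
    args=""
    for id in "$@"; do
        args="$args-b $id "
    done
    printf '%s-scan -f %s' "$args" "$OUT_FPR"
}

# Scan every build ID together into one FPR.
combined_scan() {
    # Word splitting of the argument string is intentional here.
    run sourceanalyzer $(combined_scan_args "$@")
}

# Constructed list of applications; each name doubles as its build ID.
APPS="app1 app2 app3"
for app in $APPS; do
    translate_app "$app"
done
combined_scan $APPS
```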