views:

127

answers:

1

While getting source code analyzed by Fortify Source Code Analyzer, if I want to skip a selected category, say "Poor Error Handling: Empty Catch Block", is there any way to do that? In the case of the Checkstyle report generator there is a way to skip a selected error being reported. I would like to have that flexibility in the case of Fortify Source Code Analyzer.

A: 

First, open the results containing "Poor Error Handling: Empty Catch Block" in Fortify Audit Workbench. Then find an Empty Catch Block finding, right-click it and select "Create Filter..."

In the filter dialog, select the condition "Category matches Poor Error Handling: Empty Catch Block", and then in the Action section below, select "Hide". Save the filter.

The first thing you'll find is all the Empty Catch Block findings have disappeared. The filter is simply stored in the FPR at this stage.

To publish this filter as a matter of policy, choose Tools->Project Configuration and export your project template. Save the file in the installation directory in Core/config/filters/ as specified in the readme file there. If you do this on all your computers that produce scans, all your FPRs will share the same filter.

If you have a central Fortify 360 Server, you can import this project template into the server instead. It will automatically be applied to any upload to a project of that template.

Douglas Held
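The same category-based "Hide" rule, reproduced outside Audit Workbench for a build pipeline that only has the FPR on disk. This is an added example, not code from the answer above or from Fortify. It assumes the FPR is a zip archive whose `audit.fvdl` member lists each finding as a `<Vulnerability>` element carrying `<ClassInfo><Type>` and `<Subtype>`, and it assumes the FVDL namespace string shown; both are taken from FVDL files I have seen and should be checked against an `audit.fvdl` from your own SCA version. The sample FVDL is constructed inline so the script runs offline. Note the difference from the Workbench filter: a Hide filter keeps the issues in the FPR and can be toggled off, whereas this script removes them from the copy it writes, so keep the original FPR and treat the output as a report artifact.

```python
"""Drop one Fortify category from an FPR's audit.fvdl (added example, see lead-in)."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Assumed FVDL namespace; verify against a real audit.fvdl from your SCA version.
FVDL_NS = "xmlns://www.fortifysoftware.com/schema/fvdl"
NS = {"f": FVDL_NS}

# Constructed sample audit.fvdl with three findings; this is not a real scan.
SAMPLE_FVDL = f"""<?xml version="1.0" encoding="UTF-8"?>
<FVDL xmlns="{FVDL_NS}" version="1.8">
  <Vulnerabilities>
    <Vulnerability>
      <ClassInfo><ClassID>c1</ClassID><Type>Poor Error Handling</Type><Subtype>Empty Catch Block</Subtype></ClassInfo>
      <InstanceInfo><InstanceID>i1</InstanceID></InstanceInfo>
    </Vulnerability>
    <Vulnerability>
      <ClassInfo><ClassID>c2</ClassID><Type>SQL Injection</Type></ClassInfo>
      <InstanceInfo><InstanceID>i2</InstanceID></InstanceInfo>
    </Vulnerability>
    <Vulnerability>
      <ClassInfo><ClassID>c1</ClassID><Type>Poor Error Handling</Type><Subtype>Empty Catch Block</Subtype></ClassInfo>
      <InstanceInfo><InstanceID>i3</InstanceID></InstanceInfo>
    </Vulnerability>
  </Vulnerabilities>
</FVDL>
"""


def category_of(vuln: ET.Element) -> str:
    """Build the "Type: Subtype" label that Audit Workbench shows as the category."""
    info = vuln.find("f:ClassInfo", NS)
    if info is None:
        return ""
    kind = info.findtext("f:Type", default="", namespaces=NS)
    sub = info.findtext("f:Subtype", default="", namespaces=NS)
    return f"{kind}: {sub}" if sub else kind


def count_findings(fvdl_xml: bytes) -> dict:
    """Number of findings per category, as a summary report would list them."""
    root = ET.fromstring(fvdl_xml)
    counts = {}
    for vuln in root.iterfind(".//f:Vulnerabilities/f:Vulnerability", NS):
        cat = category_of(vuln)
        counts[cat] = counts.get(cat, 0) + 1
    return counts


def hide_category(fvdl_xml: bytes, category: str):
    """Remove every <Vulnerability> in the category; return (new_xml, removed_count)."""
    ET.register_namespace("", FVDL_NS)  # keep the default namespace on output
    root = ET.fromstring(fvdl_xml)
    removed = 0
    for container in root.iterfind(".//f:Vulnerabilities", NS):
        for vuln in list(container):  # copy: we mutate while iterating
            if category_of(vuln) == category:
                container.remove(vuln)
                removed += 1
    return ET.tostring(root, encoding="utf-8", xml_declaration=True), removed


def filter_fpr(fpr_bytes: bytes, category: str):
    """Rewrite an FPR with the category dropped from audit.fvdl; other members are copied."""
    out = io.BytesIO()
    removed = 0
    with zipfile.ZipFile(io.BytesIO(fpr_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            data = src.read(item.filename)
            if item.filename == "audit.fvdl":  # assumed member name
                data, removed = hide_category(data, category)
            dst.writestr(item, data)
    return out.getvalue(), removed


def build_sample_fpr() -> bytes:
    """Constructed stand-in for an FPR: just the sample audit.fvdl inside a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("audit.fvdl", SAMPLE_FVDL)
    return buf.getvalue()


def fpr_counts(fpr_bytes: bytes) -> dict:
    """Per-category counts read straight from an FPR's audit.fvdl."""
    with zipfile.ZipFile(io.BytesIO(fpr_bytes)) as z:
        return count_findings(z.read("audit.fvdl"))


if __name__ == "__main__":
    target = "Poor Error Handling: Empty Catch Block"
    original = build_sample_fpr()
    filtered, n = filter_fpr(original, target)
    print("before:", fpr_counts(original))
    print(f"removed {n}; after:", fpr_counts(filtered))
```

For a real scan, read the FPR from disk, pass its bytes to `filter_fpr`, and write the returned bytes to a new file; the untouched original stays the record of what SCA actually found.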