views:

28

answers:

1

sourceanalyzer -b ID ttt.sql (no error) sourceanalyzer -b ID -scan -f result.fpr (no error)

But when I used Fortify Audit Workbench to open the result.fpr file,there is nothing in Issues(no Hot,no Warning,no Info). Was I missed out any parameters in the sourceanalyzer's command ?

A: 

This is quite common. As of SCA 5.9.5, SCA may not find many vulnerabilities in T-SQL files.

Douglas Held