Comments (2)
We currently don't have an out-of-the-box solution for exporting vulnerability data from FPR files. Possibly we could add support for reading FPR files in FortifyVulnerabilityExporter, but given the little demand for such a feature, the best chance to get this implemented is by engaging Fortify Professional Services to implement this for you. Note that the FPR file format is not documented, so such an integration could potentially break if the FPR file format is changed in a future Fortify version.
Alternatively, you or Fortify Professional Services can build a custom script/utility to extract vulnerability data from the FPR file (either directly, or from an XML report generated by the Fortify ReportGenerator utility) and convert this data to the JSON format expected by GitHub.
Thank you for your response. I have gone down the path of translating and creating a SARIF file which, I understand, is the format GitHub Security prefers. However, there appear to be some GitHub custom fields that are not getting mapped to the resulting SARIF file. With a couple of Fortify Actions available on GitHub, I had hoped that the custom mapping was done in the FortifyVulnerabilityExporter. It sounds like the tool I'm using (MS sarif-sdk multi-tool converter) may not be updated with the required GitHub fields. I'll look into using the XML report. Thanks again.
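As an added example that is not part of the original thread, of the FortifyVulnerabilityExporter project, or of the sarif-sdk converter mentioned above: the conversion route both comments describe (XML report out of Fortify, SARIF into GitHub) done in a small Python script. It reads a constructed, simplified Fortify-style XML issue list, emits a SARIF 2.1.0 log, fills the rule-level `security-severity` property that GitHub code scanning reads to assign a severity, and clamps line numbers to the SARIF minimum of 1 so a zero line does not get the upload rejected. The XML element names (`Issue`, `Category`, `Severity`, `Abstract`, `FilePath`, `LineStart`), the sample issues and the severity-to-score mapping are all assumptions for this example; the real ReportGenerator XML schema has to be mapped from an actual report.

```python
"""Convert a simplified, constructed Fortify-style XML issue report into a
SARIF 2.1.0 log suitable for GitHub code scanning.

The element names used here are ASSUMPTIONS for this example, not the real
Fortify ReportGenerator schema.
"""
import json
import xml.etree.ElementTree as ET

# Constructed sample input (hypothetical schema, not real Fortify output).
SAMPLE_XML = """<Report>
  <Issue iid="ABC123">
    <Category>SQL Injection</Category>
    <Severity>Critical</Severity>
    <Abstract>Untrusted data reaches a SQL query.</Abstract>
    <FilePath>src/main/java/App.java</FilePath>
    <LineStart>42</LineStart>
  </Issue>
  <Issue iid="DEF456">
    <Category>Poor Logging Practice</Category>
    <Severity>Low</Severity>
    <Abstract>Logging to System.out.</Abstract>
    <FilePath>src/main/java/Util.java</FilePath>
    <LineStart>0</LineStart>
  </Issue>
</Report>
"""

# Assumed mapping: Fortify priority -> (SARIF level, GitHub security-severity).
# GitHub buckets the numeric score: >= 9.0 critical, >= 7.0 high,
# >= 4.0 medium, otherwise low.
SEVERITY_MAP = {
    "Critical": ("error", "9.0"),
    "High": ("error", "7.0"),
    "Medium": ("warning", "5.0"),
    "Low": ("note", "2.0"),
}


def rule_id(category):
    """Derive a stable SARIF ruleId from the Fortify category name."""
    return category.strip().lower().replace(" ", "-")


def xml_to_sarif(xml_text):
    """Parse the (assumed) XML issue list and build a SARIF 2.1.0 log dict."""
    root = ET.fromstring(xml_text)
    rules = {}
    results = []
    for issue in root.iter("Issue"):
        category = issue.findtext("Category", "Unknown").strip()
        severity = issue.findtext("Severity", "Medium").strip()
        level, score = SEVERITY_MAP.get(severity, ("warning", "5.0"))
        rid = rule_id(category)
        # One rule entry per category; GitHub reads properties.security-severity.
        rules.setdefault(rid, {
            "id": rid,
            "name": category,
            "shortDescription": {"text": category},
            "properties": {"security-severity": score, "tags": ["security"]},
        })
        # SARIF requires startLine >= 1; clamp so a 0 does not break the upload.
        line = max(1, int(issue.findtext("LineStart", "1").strip() or 1))
        results.append({
            "ruleId": rid,
            "level": level,
            "message": {"text": issue.findtext("Abstract", category).strip()},
            # Carry the Fortify instance id so findings can be correlated later.
            "partialFingerprints": {"fortifyInstanceId": issue.get("iid", "")},
            "locations": [{
                "physicalLocation": {
                    "artifactLocation": {"uri": issue.findtext("FilePath", "").strip()},
                    "region": {"startLine": line},
                }
            }],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": "Fortify SCA (converted)",
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


if __name__ == "__main__":
    print(json.dumps(xml_to_sarif(SAMPLE_XML), indent=2))
```

The artifact URIs must be repository-relative for GitHub to annotate the right file, which is why the converter passes the report's path through unchanged rather than prefixing a workspace directory.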