Reports in HP Fortify Workbench - fortify

I am using AWB version 4.10.0120 and SCA version 6.10.0120. I'm trying to generate a report in audit workbench only for critical and high issues or by comment dates. Is this possible?

Open project report in workbench
Go to Reports and select the report template, i.e. Fortify Developer Workbook, OWASP top 10 2010
Go to the results outline in the right pane; in the left pane you will see "Refine issues in subsection". Click on the "Advanced" link.
Choose the filter Fortify Priority Order: Critical & High; if you have to, create two filters using the & operator.
You can use the comments filter if you want to generate results based on comments containing some keywords.
You can apply these filters in other subsections of the report, i.e. Issue count by categories, issues breakdown by analysis, executive summary.

Related

Fortify audit workbench

While converting the audited .fpr files to pdf in audit workbench for fortify scan results, only one issue's comment under each category is present in the pdf file. On what basis is the tool selecting which issue's comment to print in the pdf?
Please help. Thanks in advance
If you go to generate a legacy report, a pop-up will show up.
At the top you will find a button for "Visibility Setting"; this will show another pop-up for showing Suppressed / Removed / Hidden issues.
The "Issue Breakdown by Analysis" tab also gives control while adding issues.

TFS Reporting Service Configured, but unable to see required reports in Team Explorer - Reports window

Can anyone please suggest how I can enable the standard reports below in TFS Reports (Scrum):
1) Status on all iteration (Scrum Template)
2) Burndown and Burnrate (Scrum Template)
The TFS Reporting service is configured following the guideline below, and the Scrum Template has been imported.
https://www.visualstudio.com/docs/report/admin/add-reports-to-a-team-project
But all I am able to see is the four reports below and not the others:
1) Backlog Overview 2) Release Burndown 3) Sprint Burndown 4) Velocity
How do I get the other reports that are listed in https://msdn.microsoft.com/en-us/library/dd380706.aspx, which appear to be standard, out-of-the-box reports that can be used directly?
This is very well-documented if you simply looked on MSDN. I found all of this information by following a few links from the URL you initially provided.
https://www.visualstudio.com/docs/report/admin/upload-reports
Basically, you use the Team Foundation Power Tools to upload the reports.
If the reports are created for a different Work Item Template than the one you use in your project, then you might not be able to use the report directly. You might, however, be able to get it to work with a little editing if it is just a matter of some fields that have other names.
Through the Team Explorer -> Reports click the Go To Site text link to get to the Reporting Services web page. Here you can click the little triangle for one of the existing reports and choose Edit in Report Builder or create a new one by clicking the Report Builder link in the toolbar. I have found that it is far easier to edit an existing report to accommodate your needs than starting from scratch. Over time you might get the hang of it and be able to create your own reports from scratch.

How to diff Fortify SCA scans

We have Fortify SCA and we are setting up regular, automated scans of our source code. Our intention is to have an alert if there is an introduced security issue. Is there a way, perhaps using FPRUtility (or some other method) to accomplish this? Ultimately I prefer something that can be easily run from the command line, but if this can also be accomplished using the GUI then I would appreciate knowing how to do that as well.
Use Audit Workbench to run a report. Choose "developer workbook" and disable all except one section. (you can choose any section you want).
In the report section's additional properties, set the filter for the issues to [issue age]:new. This means the report will show ONLY issues in your FPR that were not present in the previous scan, and were introduced in the latest scan. Save the template.
In your scan configuration, make sure to scan to the same FPR every time per project, so that "new" issues can be calculated by the report runner.
After the scan is complete, use the answer by #user1836982 to run the report. Choose the XML template and process it programmatically.
(1) Command for the Fortify report generation to XML FORMAT:
FORTIFY_INSTALL_DIR\bin\ReportGenerator.bat -format xml -f target_file_name.xml -source your_fpr_file_name.fpr -template Detailed-DefaultReportDefinition.xml
(2) You can also use AWB to generate the .pdf/.rtf/.xml report via Report (top menu bar) -> Save report -> select format -> Save
(3) Just added a procedure to create an Excel sheet here: Export HP Fortify SCA 4.10 results in EXCEL format
(4) If you have access to the DB (Oracle), you can query it with a script
If you are using Fortify SCA, you should also have access to Fortify Software Security Center (SSC). SSC can be used to track trending data across builds of a project. SSC has built in capabilities to send out alerts based on user-defined events within SSC; I have never worked with those so can't offer any thoughts other than what the docs say.
The reports generated by Fortify SCA (.fpr files) are zip files of XML documents storing all the relevant data; I would suspect some of the data in those files is related to the SCA rulesets that are present in both SCA and SSC instances. I suspect without the rulesets you would be able to determine that new issues have been introduced, but not any good data on what they are, priority level, etc.
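As an added example (not code from any of the answers above), this is one way to process the `[issue age]:new` XML report in a scheduled build and fail it when a new Critical or High issue appears. The element names `Issue`, `Category`, `Friority`, `Primary`, `FileName` and `LineStart` are an assumed layout of the ReportGenerator XML output and should be checked against a real report; the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not real tool output; element names are assumptions.
SAMPLE = """<ReportDefinition><ReportSection><SubSection><IssueListing>
<GroupingSection count="3"><groupTitle>New issues</groupTitle>
<Issue iid="CONSTRUCTED-0001"><Category>SQL Injection</Category>
<Friority>Critical</Friority><Primary><FileName>OrderDao.java</FileName>
<LineStart>88</LineStart></Primary></Issue>
<Issue iid="CONSTRUCTED-0002"><Category>Poor Logging Practice</Category>
<Friority>Low</Friority><Primary><FileName>Search.java</FileName>
<LineStart>14</LineStart></Primary></Issue>
<Issue iid="CONSTRUCTED-0003"><Category>Path Manipulation</Category>
<Primary><FileName>Upload.java</FileName><LineStart>31</LineStart></Primary></Issue>
</GroupingSection></IssueListing></SubSection></ReportSection></ReportDefinition>"""

BLOCKING = {"critical", "high"}

def local(tag):
    """Strip an XML namespace so matching works with or without one."""
    return tag.rsplit("}", 1)[-1]

def text(parent, name):
    """Text of the first direct child with this local name, or ''."""
    hit = next((c for c in parent if local(c.tag) == name), None)
    return (hit.text or "").strip() if hit is not None else ""

def parse_new_issues(xml_data):
    """One dict per Issue in a report filtered to [issue age]:new."""
    issues = []
    for el in ET.fromstring(xml_data).iter():
        if local(el.tag) != "Issue":
            continue
        # Fall back to the Issue itself if there is no Primary wrapper.
        primary = next((c for c in el if local(c.tag) == "Primary"), el)
        issues.append({"iid": el.get("iid", ""), "category": text(el, "Category"),
                       "priority": text(el, "Friority") or text(el, "Priority"),
                       "file": text(primary, "FileName"), "line": text(primary, "LineStart")})
    return issues

def blocking_issues(issues):
    """New issues that should fail the build; a missing priority fails closed."""
    return [i for i in issues if not i["priority"] or i["priority"].lower() in BLOCKING]

if __name__ == "__main__":
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = blocking_issues(parse_new_issues(src))
    for i in hits:
        print(f'NEW {i["priority"] or "UNKNOWN"}: {i["category"]} {i["file"]}:{i["line"]}')
    sys.exit(1 if hits else 0)
```

Run it with the XML file written by ReportGenerator as its argument; the exit status is 1 when a blocking new issue is present, which a scheduler or CI job can turn into an alert.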

TFS report that shows iteration id from warehouse

Whenever we start a new iteration I have to set the default value for the iteration parameter in the burndown report (and also other reports). To get the value I follow this instruction (http://salvoz.com/blog/2010/05/04/tfs-2010-default-iteration-and-area-for-burn-down-report/), which includes getting the value with Sql Management Studio connected to the Analysis Service on the tfs data tier. This is becoming increasingly difficult since the number of projects is increasing.
A nicer way to get iteration id's would be to get them from a report, whose sole purpose would be to list iterations and show their id's. The report could preferably be installed in the project collection root, i.e. DefaultCollection -folder, and list all iterations for all projects in that collection.
Anyone already have this?
I finally created a report that lists all iterations in TFS and shows their id and a string that can be pasted directly into the default value for IterationParam for the burn down report.
The report looks like this http://i41.tinypic.com/2qm2bs4.png
The rdl-file that can be installed into Reporting Services can be found here. I installed it in the TfsReports-folder that is in the root of Reporting services.
The original sql was found here
I think the best way to do it is how John Socha-Leialoha described using MDX Studio connected up to the OLAP cube for TFS. Here's where you can download MDX Studio.
You essentially end up dragging & dropping the iteration node to the Query Editor so that it will show you the Iteration ID.

TFS reports on daily basis

My team is using TFS 2008 and the Conchango template for Scrum. We use the Sprint burndown chart, sprint view and sprint task board reports to track the status of tasks on a daily basis. The burndown chart and sprint view are also shown on an LCD TV screen. These reports are manually exported daily as PDF files.
Is there any utility which can pull the reports daily at a scheduled interval and export them as PDF?
If the reports are available in the report server, all you need to do is create a subscription.
Go to the report server (e.g. http://tfs/reports)
Find your report and click on it to run it once.
Click on the "Subscriptions" tab.
Fill out the details, and you should be good to go.
If the reports are only available in the VS IDE, you might need to re-create them in SSRS.
