I have a Fortify FPR scan file that I open in AWB. I want to generate a report that has all the instances of where the issues are found. When I generate a report it generates the report with the issues by type and their count and below the type I also get names and code snippets of some files where the issue was found. I want to generate s report which has names and code snippets from all files in which issues were found. Is there any way to do that?
The template files can be found in Core/config/reports of your fortify directory.
Copy DeveloperWorkbook.xml to a new file AllIssues.xml and near <title>Results Outline</title> edit limit="5" to limit="-1".
Then run:
ReportGenerator -template AllIssues.xml -format pdf -f output.pdf -source input.fpr
From the Audit Workbench, generate your report and under the 'Results Outline' panel Open up the Listings section and then uncheck the Limit number of issues in each group setting if checked.
had you look at the following command:
$ ReportGenerator -format PDF -f abcd.pdf -source abcd.fpr
Thanks,
Marcelo Muzilli
Related
I am using fortify audit workbench, and I have generated fpr file and when I try open it in fortify a window show operation in progress and keep like this
Nothing changed but updating Big Sur is image of the error showing
A decent workaround is to use the pdf report generator to turn your fpr into a pdf:
ReportGenerator -format pdf -f MyReport.pdf -source MyApp.fpr -showSuppressed -showHidden
I am running following maven command on jenkins
clean org.jacoco:jacoco-maven-plugin:prepare-agent install
The jacaco exec file created as shown below.
target/coverage-reports/jacoco-int-test.exec
I would like to generate this file under following path, since all other Project use same conventions.
target/jacoco.exec
I could not figureout why it is generated in this way and how to modify it as "target/jacoco.exec"
I will use this report in sonarqube analysis.
I would appriciate your helps, thanks in advance.
As per documentation of prepare-agent - destFile parameter controls location of output file, whose default is ${project.build.directory}/jacoco.exec which is exactly target/jacoco.exe. So check your POMs to find where it is modified to be target/coverage-reports/jacoco-int-test.exec.
Basically I am trying to generate the PDF file from the Fortify report file which is in .fpr formate.
Can any one suggest me some utility tool which can be accessed by the .bat file.
I am trying to execute the following command :
i.e,.. ReportGenerator -format pdf -f MyProject.pdf -source MyProject.fpr
Can anyone help me to generate the PDF file from the .fpr file??
Thanks in advance.
There is a command-line utility to generate an Report from the FPR file.
Currently there are two report generators: Legacy and BIRT. The BIRT report engine was introduced into Audit Workbench with version 4.40.
Here is an example using the BIRT Report engine to generate a DISA STIG report
BIRTReportGenerator -template "DISA STIG" -source HelloWorld_second.fpr
-output BirtReport.pdf -format PDF -showSuppressed --Version "DISA STIG 3.9"
-UseFortifyPriorityOrder
The different versions are specified in the SCA Users Guide.
Using the legacy one is a little more involved. The command is:
ReportGenerator -format pdf -f LegacyReport.pdf -source HelloWorld_second.fpr
-template DisaStig3.10.xml -showSuppressed -showHidden
You can either use one of the predefined template reports located in the /Core/config/reports directory or generate one using the Report Wizard and saving the template which gets stored in the C:\Users\<USER>\AppData\Local\Fortify\config\AWB-XX.XX\reports\ directory in Windows.
On Linux/Mac look at the configuration file <SCA Install Dir>/Core/config/fortify.properties for the com.fortify.WorkingDirectory property, this is where the reports will be stored
Report generator is part of Audit workbench installation. Please make sure to install Audit workbench as part of Fortify SCA installation.
I am trying to use ImageMagick to add some text to an image. But I found it always said that my specified font doesn't exist. After reading the manual carefully I noticed that I can use convert -list font to output all the available fonts, but after trying I figured out that the list of available font is empty.
This is what I get:
shell$ convert -list font
shell$
Thanks for any kind of tips.
I just managed to tell ImageMagick about the fonts on my OSX system like this:
# Make a new directory for ImageMagick local settings and cd into it
mkdir ~/.magick
cd ~/.magick
# Grab script to find all fonts on system and store them in a config file
curl -L http://www.imagemagick.org/Usage/scripts/imagick_type_gen > type_gen
# Run script, telling it where my fonts are and create "type.xml" file with list
find /System/Library/Fonts /Library/Fonts ~/Library/Fonts -name "*.[to]tf" | perl type_gen -f - > type.xml
# Go to ImageMagick config folder - see note at end to find correct folder
cd /usr/local/Cellar/imagemagick/6.8.9-1/etc/ImageMagick-6
# Edit system config file called "type.xml" and add line near end to tell IM to look at local file we made in earlier step
<typemap>
<include file="type-ghostscript.xml" />
<include file="~/.magick/type.xml" /> ### THIS LINE ADDED ###
</typemap>
How to find the correct folder for your type.xml file
The folder where type.xml is stored can vary enormously between systems and versions. Most recently the user configuration folder seems to be ~/.config/ImageMagick, but the best way I know of finding it is to run the following command to see where ImageMagick is looking:
convert -debug configure -list font 2>&1 | grep -E "Searching|Loading"
Searching for configure file: "/usr/local/Cellar/imagemagick/7.0.11-6/share/ImageMagick-7/type.xml"
Searching for configure file: "/usr/local/Cellar/imagemagick/7.0.11-6/lib/ImageMagick//config-Q16HDRI/type.xml"
Searching for configure file: "/usr/local/Cellar/imagemagick/7.0.11-6/etc/ImageMagick-7/type.xml"
Searching for configure file: "/usr/local/Cellar/imagemagick/7.0.11-6/share/doc/ImageMagick-7/type.xml"
Searching for configure file: "/Users/username/.config/ImageMagick/type.xml"
Loading type configure file "/usr/local/Cellar/imagemagick/7.0.11-6/etc/ImageMagick-7/type.xml" ...
Loading type configure file "/usr/local/Cellar/imagemagick/7.0.11-6/etc/ImageMagick-7/type-ghostscript.xml" ...
Loading type configure file "/Users/username/.config/ImageMagick/type.xml" ...
So there are lots of places you could insert the fonts. In general, if you choose a folder starting with /etc or /usr/local the fonts will be available for all users and for scripts in your web server to use - if you want that. On the other hand, if you are just a single user, you may prefer to keep the font config file in your login directory, e.g. ~/.config/ImageMagick/type.xml.
With ImageMagic 7.0.10 on MacOs Catalina I have done the following which did the trick.
Edited /usr/local/Cellar/imagemagick/7.0.10-7/etc/ImageMagick-7/type.xml and replaced type-ghostscript with type-apple
Edited /usr/local/Cellar/imagemagick/7.0.10-7/etc/ImageMagick-7/type-apple.xml and added "/System/Library/Fonts/Supplemental" in front of all glyph paths
I have been trying to get the code coverage of some test cases I have been running using lcov.
However when I run
lcov --directory $PWD --capture --output-file lcov.output
I am getting a warning
geninfo: WARNING: cannot find an entry for test.c.gcov in .bb file, skipping file!
If I run gcov directly on test.c, I am able to generate a gcov output which successfully shows the utilization.
I am new to code coverage. Any help to fix this would we greatly appreciated.
There had been a change in the gcov format at some point.
Basically the issue is because current versions of gcov produces a header with source file name etc.
Lcov expected this header and tried to extract this failing which the error was shown.
As a workaround, I modified the LCOV code such that if the header returned was empty, the source file name is assumed directly from the gcov file name. This solution may not be the most elegant as it may cause incompatibles if the gcov file is created with a name different from the source file name
Update: This particular issue was due to a bug in lcov-1.8. The versions from lcov-1.10 should have the fix for this. (http://ltp.cvs.sourceforge.net/viewvc/ltp/utils/analysis/lcov/bin/geninfo?r1=1.106&r2=1.107)