preventing false positives in fortify scan

We consistently see a lot of false positives in our Fortify results. Is there a way I can make Fortify ignore certain sections of the code? For example, can I add some comment in a certain block of code which will then be overlooked by Fortify?

Sid asked Nov 10 '22 04:11


1 Answer

You did not specify what language you are scanning so that can change the answer a little bit.

You can exclude files and directories at the command line with the "-exclude" switch. Once you figure out the syntax, you can include this in your build configuration, such as pom.xml.

Look at this URL for some examples:

http://h30499.www3.hp.com/t5/Fortify-Software-Security-Center/how-to-exclude-source-files-from-scan/td-p/6574900

Dave C answered Dec 14 '22 06:12
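A way to keep the exclusion list in one place and check it before the scan runs, as an added example that is not part of the answer above. The `-b` (build id) and `-exclude` switches are real `sourceanalyzer` options; the build id, the exclude patterns, and the file listing are constructed placeholders. The preview uses sh `case` matching, where `*` and `**` both cross `/`, as an approximation of the pattern syntax Fortify applies, so confirm the patterns against the Fortify documentation for your version. Note that `-exclude` works at file and directory granularity: it drops whole files from translation rather than a block inside a file.

```shell
#!/bin/sh
# Added example, not from the original post. Keeps the Fortify exclude patterns
# in one variable, previews which files they would drop, then assembles the
# sourceanalyzer translate command. -b and -exclude are real sourceanalyzer
# switches; the build id, patterns and file list are constructed placeholders.
set -f   # no pathname expansion: the patterns below must stay literal

# Constructed listing standing in for the output of `find src -type f`.
SAMPLE_FILES="src/main/java/App.java src/main/java/Auth.java src/test/java/AppTest.java src/main/resources/generated/Schema.java src/main/webapp/js/vendor.min.js"

# Patterns for code we do not want translated: tests, generated code and
# minified vendor JS. Ant-style ** as Fortify expects; in sh case matching
# ** behaves like *, which is good enough for the preview.
EXCLUDES="**/test/** **/generated/** **/*.min.js"

# matches_any FILE PATTERNS -> exit 0 if FILE matches at least one pattern.
matches_any() {
  for pat in $2; do
    case "$1" in $pat) return 0 ;; esac
  done
  return 1
}

# kept_files FILES PATTERNS -> space-separated files that survive the filter.
kept_files() {
  out=""
  for f in $1; do
    matches_any "$f" "$2" || out="$out $f"
  done
  printf '%s' "${out# }"
}

# dropped_files FILES PATTERNS -> the files the exclude list would remove.
# Review this list: production code showing up here means a pattern is too broad.
dropped_files() {
  out=""
  for f in $1; do
    matches_any "$f" "$2" && out="$out $f"
  done
  printf '%s' "${out# }"
}

# exclude_args PATTERNS -> one -exclude flag per pattern. Single quotes keep
# the shell from expanding the pattern when the command is pasted or run.
exclude_args() {
  args=""
  for pat in $1; do
    args="$args -exclude '$pat'"
  done
  printf '%s' "${args# }"
}

# translate_cmd BUILD_ID PATTERNS SOURCES -> the full translate command line.
translate_cmd() {
  printf 'sourceanalyzer -b %s %s %s' "$1" "$(exclude_args "$2")" "$3"
}

echo "Would exclude:   $(dropped_files "$SAMPLE_FILES" "$EXCLUDES")"
echo "Would translate: $(kept_files "$SAMPLE_FILES" "$EXCLUDES")"
echo "Command:         $(translate_cmd my-build "$EXCLUDES" "src/**/*.java")"
```

Replace `SAMPLE_FILES` with the real output of `find src -type f` and run the script before changing the patterns in the build; the "Would exclude" line is the quick check that nothing security-relevant is being silently skipped.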