We consistently see a lot of false positives in our Fortify results. Is there a way I can make Fortify ignore certain sections of the code? For example, can I add some comment to a certain block of code which will then be overlooked by Fortify?
You did not specify what language you are scanning so that can change the answer a little bit.
You can exclude files and directories at the command line with the "-exclude" switch. Once you figure out the syntax, you can include this in your build configuration, such as pom.xml.
Look at this URL for some examples:
http://h30499.www3.hp.com/t5/Fortify-Software-Security-Center/how-to-exclude-source-files-from-scan/td-p/6574900
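As an added illustration of the command-line route the answer above describes (example script, not code from the original post or from Fortify's own documentation), the following POSIX shell builds a `sourceanalyzer` translate command that carries one `-exclude <pattern>` pair per glob, followed by the matching scan step. The build ID `myapp`, the source root `src` and the three glob patterns are illustrative assumptions; `sourceanalyzer -b`, `-exclude`, `-scan` and `-f` are the real Fortify SCA switches. One caveat worth keeping in mind: `-exclude` removes the matched files from translation entirely, so any genuine findings in those files disappear along with the false positives, which is why it suits test and generated code rather than production sources.

```shell
#!/usr/bin/env sh
# Added example, not from the original answer: assemble a Fortify SCA
# translate command that drops test and generated code via -exclude,
# then either print or run the translate + scan pair.
# Build ID, source root and the glob patterns below are assumptions.

# Print the sourceanalyzer translate command for BUILD_ID over SRC_DIR.
# Every argument after the first two becomes its own -exclude "<pattern>".
# Patterns are double-quoted inside the string so that eval hands them to
# sourceanalyzer unexpanded (SCA matches the globs itself).
sca_translate_cmd() {
    build_id="$1"; src_dir="$2"; shift 2
    cmd="sourceanalyzer -b $build_id"
    for pattern in "$@"; do
        cmd="$cmd -exclude \"$pattern\""
    done
    printf '%s\n' "$cmd $src_dir"
}

# Count the -exclude switches in a generated command: a quick check that
# every pattern survived quoting before the command is run.
count_excludes() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -c '^-exclude$'
}

# Translate, then scan into <build_id>.fpr.
# With DRY_RUN set, only print the two commands instead of executing them.
sca_run() {
    build_id="$1"; src_dir="$2"; shift 2
    translate=$(sca_translate_cmd "$build_id" "$src_dir" "$@")
    scan="sourceanalyzer -b $build_id -scan -f $build_id.fpr"
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n%s\n' "$translate" "$scan"
    else
        eval "$translate" && eval "$scan"
    fi
}

# Constructed usage: skip unit tests, generated sources and stubs.
# DRY_RUN is set here so the script is safe to run without Fortify installed.
DRY_RUN=1
sca_run myapp src \
    '**/src/test/**/*.java' \
    '**/generated/**' \
    '**/*Stub.java'
```

Unset `DRY_RUN` (or remove the assignment) on a machine with Fortify SCA on the PATH to actually translate and scan. The same exclude patterns can be carried over into a Maven or Gradle build once the plugin's configuration element for them is confirmed for the version in use; the syntax there varies by plugin release, so check its documentation rather than assuming the element name.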