fortify / FortifyVulnerabilityExporter

Export Fortify vulnerability data to GitHub, GitLab, SonarQube and more

includeSuppressed #63

Closed colinquek closed 6 months ago

colinquek commented 1 year ago

Hi, I might be reading the readme and/or using the configs wrongly, as no matter what I set, I'm not able to export suppressed data.

Hi, good day,

I've used FoD's inbuilt export tool and it is able to export all my findings, including suppressed ones. I'm using v2.0.2.

I have tried downloading v2.0.0 and faced the same issue.

I've attached my YAML. Any help is greatly appreciated.

Thanks in advance. :)

```yaml
# See FortifyVulnerabilityExporter documentation for FoD connection settings and release selection

export:
  from: fod
  to: csv

fod:
  vulnerability:
    filterParam: scanType:Static
    includeFixed: true
    includeSuppressed: true
    embed:
#     - subEntity: all-data

export.dir: ${export.default.dir} # Use default export directory (unless overridden)
csv:
  output:
    header: true
    stdout: false
    file: ${export.dir}/${release.applicationName}-${release.releaseName}.csv
    fields:
      source: Fortify on Demand
      scanType: $[vuln.scantype]
      id: $[vuln.id]
      issueInstanceId: $[vuln.instanceId]
      category: $[vuln.severityString]
      description: $[vuln.category]
      file: $[vuln.primaryLocationFull]
      suppressed: $[vuln.isSuppressed]
      line: $[vuln.lineNumber]
      status: $[vuln.auditorStatus]
```

rsenden commented 1 year ago

I did a quick test with the latest version and your configuration file, and it looks like suppressed issues are included in the CSV file as expected, for example:

```
"Fortify on Demand",Static,28579022,"016B849F15785802F74FD08FE29D2BB9",Critical,"Cross-Site Scripting: DOM","src/main/resources/lessons/sqlinjection/js/assignment13.js",true,57,"Risk Accepted"
```

Are you sure you have any static issues for which the auditor status is set to any of the suppressed states? (See the attached screenshot.)
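A quick way to settle the question raised in this thread is to inspect the exported CSV itself rather than eyeballing it: count how many rows carry `suppressed` = `true` and which auditor statuses those rows have. The script below is an added example, not part of the FortifyVulnerabilityExporter project or of either comment above. It assumes the column order produced by the `fields:` block of the posted configuration (with `header: true`), and the sample CSV is constructed for the demonstration: the first data row is the one quoted by rsenden, the other two rows and their status values are made up.

```python
import csv
import io
from collections import Counter

# Column names in the order the posted configuration's `fields:` block emits them.
FIELDS = ["source", "scanType", "id", "issueInstanceId", "category",
          "description", "file", "suppressed", "line", "status"]

# Constructed sample export. Row 1 is the line quoted in the thread; rows 2 and 3
# are invented to give one unsuppressed and one further suppressed finding.
SAMPLE_CSV = """source,scanType,id,issueInstanceId,category,description,file,suppressed,line,status
"Fortify on Demand",Static,28579022,"016B849F15785802F74FD08FE29D2BB9",Critical,"Cross-Site Scripting: DOM","src/main/resources/lessons/sqlinjection/js/assignment13.js",true,57,"Risk Accepted"
"Fortify on Demand",Static,90000001,"CONSTRUCTED0000000000000000000001",High,"SQL Injection","src/main/java/Example.java",false,12,"Pending Review"
"Fortify on Demand",Static,90000002,"CONSTRUCTED0000000000000000000002",Medium,"Path Manipulation","src/main/java/Files.java",true,88,"Not an Issue"
"""


def parse_export(text):
    """Parse exporter CSV text into a list of dicts.

    `suppressed` is converted to a bool and `line` to an int so callers can
    filter without string comparisons. Raises if an expected column is absent,
    which catches a `fields:` block that does not match what this script expects.
    """
    reader = csv.DictReader(io.StringIO(text))
    missing = set(FIELDS) - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing expected columns: {sorted(missing)}")
    rows = []
    for row in reader:
        row["suppressed"] = row["suppressed"].strip().lower() == "true"
        row["line"] = int(row["line"]) if row["line"].strip() else None
        rows.append(row)
    return rows


def summarize(rows):
    """Count suppressed vs. unsuppressed findings and tally auditor statuses
    among the suppressed ones. A zero suppressed count while the FoD UI shows
    suppressed findings means the includeSuppressed setting did not take effect."""
    suppressed = [r for r in rows if r["suppressed"]]
    return {
        "total": len(rows),
        "suppressed": len(suppressed),
        "unsuppressed": len(rows) - len(suppressed),
        "suppressed_statuses": Counter(r["status"] for r in suppressed),
    }


def check_export(text):
    """Parse and summarize in one step; the entry point for a real export file."""
    return summarize(parse_export(text))


if __name__ == "__main__":
    result = check_export(SAMPLE_CSV)
    print(f"{result['total']} findings, {result['suppressed']} suppressed, "
          f"{result['unsuppressed']} not suppressed")
    for status, count in result["suppressed_statuses"].most_common():
        print(f"  suppressed with status {status!r}: {count}")
```

To run it against a real export, replace `SAMPLE_CSV` with the contents of the file written to `${export.dir}`. If the suppressed count is zero while FoD's own export shows suppressed findings, the `fod.vulnerability.includeSuppressed: true` setting is not being picked up (for instance because the `fod:` block is commented out or the wrong configuration file is being passed); if it is non-zero, the exporter is behaving as rsenden describes and the difference lies in which findings actually carry a suppressed auditor status.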

rsenden commented 6 months ago

Closing this issue, as it cannot be reproduced and there has been no further input from the user.