HP Fortify - How to re-scan a project using analysis results from a previous scan on a different machine


I have opened the .fpr file to open the project and run the scan. When I select the file to see the issue, I receive this message:

[image]

If I click No to use my current src folder I receive this message:

[image]

I want to update the path to point to my project's src folder. I click Update Path, browse to the appropriate src folder, and click OK.

[image]

Now, when I make changes and want to Scan the project again, I click the Scan button. But it won't scan the code. Instead I receive the following message:

[image]

There must be a way to use analysis results from a previous scan. I've never seen this error before. Does anybody know how to do this or how to fix my weird situation?

FYI: It even says in the documentation, in Chapter 3: Scanning Source Code, that

2. Click Scan.
Note: You can only re-scan a project on the same machine where the project was originally scanned.
The Rescan Build ID dialog box opens.

But I don't get the Rescan Build ID dialog box.


Solution

  • I'm going to list out a few different points, so please forgive me if my response seems a little disorganized.

    1. It looks like you are trying to use Audit Workbench (AWB) to scan your project. I do not believe that you will be able to re-run a scan from AWB using an FPR that was generated on a different host. You WILL be able to use the information in the FPR that you already have, but you will need to use some other options, which I will list below.

    2. While you can use AWB to scan your source code, I would recommend against it. Instead, I'd recommend using a script that can be generated by Scan Wizard. From here, I will refer to that script as your "scan script". On the host where you generate the scan script, as long as you do not move the scan script from the location that it was generated in, as long as you don't move the root of your project directory to a different location, and as long as you do not move the FPR after having successfully run a scan using the scan script, then all future scans that you run with that script will automatically merge the old and new results together into one FPR. That new merged FPR will include all audits, comments, and other modifications you have applied to your old FPR. Using a scan script will give you greater flexibility to control your scan, and it will make it easier for you to run your scans in a repeatable manner.

    3. Your other option is to simply use AWB (or a scan script) to run a new scan and produce a new FPR. From there, when you open your new FPR in AWB, you can use the Merge tool. Just make sure you have your new FPR opened in AWB when you are performing a merge, not your old FPR.
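
The approach in points 2 and 3 of the answer, as an added example that is not from the original post and is not Scan Wizard output: a script that runs a fresh local scan with `sourceanalyzer`, then merges the audits from the older FPR with `FPRUtility`. The build ID, the file paths, and the choice of the new FPR as the primary (`-project`) input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: re-scan on this machine, then merge in audit data from an FPR
# that was produced on another host. Build ID and paths are constructed values.
set -eu

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Usage: rescan_and_merge BUILD_ID SRC_DIR OLD_FPR OUT_FPR
rescan_and_merge() {
  build_id=$1 src=$2 old_fpr=$3 out_fpr=$4
  new_fpr="${out_fpr%.fpr}.new.fpr"

  # The old FPR only supplies audits and comments; it is never reused as a
  # build session, which is the step that fails across machines.
  if [ "${DRY_RUN:-1}" != "1" ] && [ ! -f "$old_fpr" ]; then
    echo "old FPR not found: $old_fpr" >&2
    return 2
  fi

  run sourceanalyzer -b "$build_id" -clean               # drop any stale local session
  run sourceanalyzer -b "$build_id" "$src"               # translate the local source tree
  run sourceanalyzer -b "$build_id" -scan -f "$new_fpr"  # fresh scan on this host
  # New results are the primary project; the old FPR contributes its audits.
  run FPRUtility -merge -project "$new_fpr" -source "$old_fpr" -f "$out_fpr"
}

# Dry run with constructed values: prints the four commands without running them.
rescan_and_merge myapp ./src old.fpr merged.fpr
```

Run it with `DRY_RUN=0` on a host where the Fortify command-line tools are on the `PATH` to execute the commands instead of printing them.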