The Fortify Static Code Analysis tool lets us create scan reports with the command-line utility ReportGenerator.
By default, ReportGenerator creates the report using the template OWASP2007.xml.
Here is an example of generating a PDF scan report from the command line:
ReportGenerator -format pdf -f outputFile.pdf -source dev-rkm-KMS-aggregate.fpr
The report can be created in pdf, rtf or xml format.
Sometimes we get an error like:
Xlib: connection to "localhost:10.0" refused by server
Xlib: PuTTY X11 proxy: wrong authentication protocol attempted
This means ReportGenerator tries to open an X Window display and your server does not have an X server running. Try running a simple X application such as xcalc or xterm on your machine to make sure the X server is working.
There is also a -template option, with which we can generate reports of various formats. This option is not well documented. When you run "ReportGenerator -help", it just says
-template The Fortify Report template used to define the report.
But it gives no information about which template names are available.
Still, we can find the available templates in the directory fortify-install-dir/Core/config/reports
The available templates are:
1) DefaultReportDefinition.xml
2) DeveloperWorkbook.xml
3) OWASP2004.xml
4) OWASP2007.xml
5) ScanReport.xml
Here is an example of using the -template option:
ReportGenerator -format pdf -f outputFile.pdf -source dev-rkm-KMS-aggregate.fpr -template "ScanReport.xml"
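Since -help does not list template names, a small wrapper can check the requested format and template against the reports directory before ReportGenerator is started. This is an added example, not part of the original post or of Fortify; the FORTIFY_HOME variable and the function names are assumptions, and FORTIFY_HOME should point at fortify-install-dir.

```shell
#!/bin/sh
# Added example, not Fortify's own tooling. FORTIFY_HOME (assumed variable
# name) should point at fortify-install-dir.

# Print the template file names found in a reports directory, one per line.
list_templates() {
    for f in "$1"/*.xml; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# Check format and template before ReportGenerator is started.
# Returns 0 if usable, 2 for a bad format, 3 for a bad or missing template.
# usage: check_report_args <reports-dir> <format> <template-or-empty>
check_report_args() {
    dir=$1 fmt=$2 tpl=$3
    case $fmt in
        pdf|rtf|xml) ;;
        *) echo "unsupported format: $fmt (use pdf, rtf or xml)" >&2; return 2 ;;
    esac
    [ -z "$tpl" ] && return 0          # no -template: the default is used
    case $tpl in
        */*) echo "template must be a bare file name: $tpl" >&2; return 3 ;;
    esac
    if [ ! -f "$dir/$tpl" ]; then
        echo "unknown template: $tpl; available templates:" >&2
        list_templates "$dir" >&2
        return 3
    fi
    return 0
}

# usage: generate_report <reports-dir> <format> <source.fpr> <output> [template]
generate_report() {
    check_report_args "$1" "$2" "${5:-}" || return $?
    if [ -n "${5:-}" ]; then
        ReportGenerator -format "$2" -f "$4" -source "$3" -template "$5"
    else
        ReportGenerator -format "$2" -f "$4" -source "$3"
    fi
}

# Run only when called as: script <format> <source.fpr> <output> [template]
if [ "$#" -ge 3 ]; then
    generate_report "${FORTIFY_HOME:-fortify-install-dir}/Core/config/reports" "$@"
fi
```

Saved under a name of your choice (report.sh here is hypothetical), it would be called as: sh report.sh pdf dev-rkm-KMS-aggregate.fpr outputFile.pdf ScanReport.xml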