How can I see all the rules of Fortify Secure Coding Rules?

security rules fortify
11,152

Solution 1

Short of becoming a Software Engineer at HP Fortify, No. The default rules are considered Intellectual Property of HP Fortify and no one outside Engineering has access to them.

What problem are you trying to solve by this report?

Solution 2

As HP/Fortify distributes rule-packs as binary files to protect their intellectual property, you will not be able to see how the individual rules are written.

However, if you're looking to include some information about which rules/rule-packs were used, you can navigate to the project summary screen and see which rule packs were used at the time of the scan. You will also have access to information such as each rule pack's version and additional meta data about each pack.

Being able to provide this level of detail in a meta-report might be sufficient to preempt follow-up questions. Just a thought...

Share:
11,152
compsey
Author by

compsey

Updated on July 08, 2022

Comments

  • compsey
    compsey almost 2 years

    I want to see the specific rules of Fortify Secure Coding Rules (the rules that Fortify uses by default), because I want to write a report about all rules that are used by Fortify:

    • I have tried to see them in C:\Program Files\Fortify Software\HP Fortify v3.60\Core\config\rules but I have found .bin files and I can't see them.
    • I also have opened AuditWorkbench and in Security Content Management I can't see them either.

    Is there any way to see them?? Thanks for your help.

  • compsey
    compsey over 11 years
    Amm ok!! The idea was to scan a project and generate a report with the auditworkbench for example. However, in another report put the information that I have generated a report of this project thanks of Fortify with this rules... etc. So, I will write that I used the default rules. Thanks!!

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Any open-source software that is similar to Fortify?
Is EnableHeaderChecking=true enough to prevent Http Header Injection attacks?
How to fix "Path Manipulation Vulnerability" in some Java Code?
log forging fortify fix
Fortify Path Manipulation error
How to manage OAuth flow in mobile application with server
Are compile-time variables secure in flutter?
Why is it bad practice to use an FCM Server Key on a Flutter/Android client?
How to protect Flutter app from reverse engineering
GDPR and personal data