Fortify

You can either import the findings in .xml or in .fpr file format.
If you import a .fpr file, the parser will look for the file ‘audit.fvdl’ and analyze it. An extracted example can be found here.

Sample Scan Data

Sample Fortify scans can be found here.

Generate XML Output from Foritfy

This section describes how to import XML generated from a Fortify FPR. It assumes you already have, or know how to acquire, an FPR file. Once you have the FPR file you will need use Fortify’s ReportGenerator tool (located in the bin directory of your fortify install). FORTIFY_INSTALL_ROOT/bin/ReportGenerator

By default, the Report Generator tool does not display all issues, it will only display one per category. To get all issues, copy the DefaultReportDefinitionAllIssues.xml to:
FORTIFY_INSTALL_ROOT/Core/config/reports

Once this is complete, you can run the following command on your .fpr file to generate the required XML:

./path/to/ReportGenerator -format xml -f /path/to/output.xml -source /path/to/downloaded/artifact.fpr -template DefaultReportDefinitionAllIssues.xml

Last modified April 2, 2024: Merge pull request #9867 from DefectDojo/release/2.33.0 (ca4250f)