Fortify Security Report

The Fortify Security Report is a high-level report that combines comprehensive analysis information with summary details of the corresponding audit. It also includes a high-level description, with examples, of the issue categories that have the highest priority. The sections of the Fortify Security Report and their corresponding subsections are listed below, with each section followed by its indented subsections.

Executive Summary
  Presents an overview of the scan. This includes an overview of issues, an overview of issues by Fortify Priority Order, and recommendations for issue remediation. This section is designed for management and project managers.

  Issues Overview
    Editable overview of the issues, including the date of the scan, number of issues, name of the project, scan summary, and total number of detected issues.

  Issue Summary by Fortify Priority Order
    Issues are categorized into the following four risk quadrants based on whether they have a high or low impact, and a high or low likelihood of being exploited:

      • Critical - High impact and high likelihood. Critical issues are easy for an attacker to discover and exploit, and can result in extensive asset damage.
      • High - High impact but low likelihood. High priority issues are often difficult to discover and exploit, but can result in extensive asset damage.
      • Medium - Low impact but high likelihood. Medium priority issues are easy to discover and exploit, but often result in little asset damage.
      • Low - Low impact and low likelihood. Low priority issues are difficult to discover and exploit, and typically result in little asset damage.

    You can present this information in a table, pie chart, or bar chart.

  Recommendations and Conclusions
    High-level recommendations about how to remediate the issues listed in the Issue Summary by Fortify Priority Order subsection. You can edit the text in this subsection.

Project Summary
  Provides project summary information such as the codebase, scan information, results certifications, and so on.

  Code Base Summary
    Summary of the analyzed codebase. You can edit the text element of this subsection.

  Scan Information
    Analysis details. You can edit the text element of this subsection.

  Results Certification
    Summary of the results certifications. You can edit the text element of this subsection.

  Attack Surface
    Summary of the attack surface. You can edit the text element of this subsection.

  Filter Set Summary
    Summary of the filter set used in the report. You can edit the text element of this subsection.

  Audit Guide Summary
    Summary of the audit guide. You can edit the text element of this subsection.

Results Outline
  Provides an outline of the results that OpenText SAST produced during the scan.

  Overall number of results
    Total number of results that OpenText SAST produced during the scan. You can edit the text element of this subsection.

  Vulnerability Examples by Category
    Summary of the highest-priority issues, grouped by category.

Detailed Project Summary
  Provides a detailed project summary.

  Files Scanned
    List of all scanned files. You can edit the text element of this subsection.

  Reference Elements
    List of all libraries that OpenText SAST used in the translation phase of analysis. You can edit the text element of this subsection.

  Rulepacks
    List of Rulepacks that OpenText SAST used in the analysis. You can edit the text element of this subsection.

  Properties
    List of properties that OpenText SAST set in the analysis phase. You can edit the text element of this subsection.

  Commandline Arguments
    List of all options that OpenText SAST used in the translation phase of analysis. You can edit the text element of this subsection.

  Warnings
    List of all warnings issued during both the translation and analysis phases of the scan. You can edit the text element of this subsection.

Issue Count by Category
  Provides a chart of issues by category. This chart is configurable.

  Issues By Category
    Chart of issues by category. You can present the information in a table, pie chart, or bar chart.

Issue Breakdown by Analysis
  Provides a chart of issues by analysis. This chart is configurable.

  Issue By Analysis
    Chart of issues by analysis. You can present the information in a table, pie chart, or bar chart.

New Issues
  Provides a chart of all new issues. This chart is configurable.

  New Issues
    Chart of new issues. You can present the information in a table, pie chart, or bar chart.