Grouping issues
The items visible in the Fortify Remediation window issues list vary depending on the selected grouping attribute. The attribute you select from the Group By list sorts issues in all visible folders into subfolders. Use the Group By attributes to group and view the issues in different ways. The following table describes the available Group By attributes.
| Attribute | Description |
|---|---|
| Analysis | Groups issues by the audit analysis value assigned, such as Suspicious, Exploitable, and Not an Issue. |
| Analysis Type |
Groups issues by analyzer product, such as SCA, WEBINSPECT, and SECURITYSCOPE (WebInspect Agent). |
| Analyzer | Groups issues by analyzer group, such as Control Flow, Data Flow, Semantic, and Structural. |
| App Defender Protected | Groups issues by whether Application Defender can protect the vulnerability category. |
| Category | Groups issues by vulnerability category. This is the default setting. |
| <custom_tagname> | Groups issues by the selected custom tag. |
| Engine Priority |
Groups issues based on the original priority value determined by the engine that identified the issue. |
| File Name | Groups issues by file name. |
| Folder |
Groups issues by folders defined in the issue template. |
|
Fortify Priority Order |
Groups issues as Critical, High, Medium, and Low based on issue priority. |
| Introduced date |
Groups issues by the date the issue was first detected. |
| Issue State |
Groups audited issues by whether the issue is an open issue or not an issue based on the level of analysis set for the primary tag. Values equivalent to suspicious and exploitable are considered open issue states. |
| Kingdom | Groups issues by the Seven Pernicious Kingdoms classification. |
| Manual | Groups issues by whether they were manually created by penetration test tools, and not automatically produced by a web crawler such as OpenText™ Dynamic Application Security Testing. |
| <metadata_listname> | Groups issues using the alternative metadata external list names (for example, OWASP Top 10 <year>, CWE, PCI SSF <version>, STIG <version>, and others). |
|
New Issue |
Shows which issues are new since the last scan. For example, if you run a new scan, any issues that are new display in the tree under the NEW group and the others are displayed in the UPDATED group. If removed issues are visible, issues not found in the latest scan are displayed in the REMOVED list. |
| Package |
Groups issues by package or namespace. Does not appear for projects for which this option is not applicable, such as C projects. |
| Primary Context |
Groups issues where the primary location or sink node function call occurs in the same code context. |
| Priority Override | Groups issues by the Priority Override tag value assigned. |
| Sink | Groups issues that share the same dataflow sink functions. |
| Source | Groups issues that share the same dataflow source functions. |
| Source Context |
Groups dataflow issues that have the source function call contained in the same code context. |
| Source File |
Groups dataflow issues by the source code file where the taint originated. |
| Status |
Groups issues by the audit status (Reviewed, Unreviewed, or Under Review). |
| Taint Flag | Groups issues by the taint flags that they contain. |
| URL |
Groups dynamic issues by the request URL. |