Viewing and selecting issues

To view and select issues in an opened application version:

  1. From the Group By list, select an attribute for sorting issues in all visible folders into groups.

    The default grouping is Category. For a description of the available Group By attributes, see Grouping Issues.

  2. To filter the issues within the selected grouping:

    1. From the Filter By list, select a filter category.

    2. To refine the issues further, select a filter option from the list to the right of the selected filter category.

  3. By default, issues assigned to your Application Security user name are visible. To see issues assigned to all users, click the Clear button.

    To see issues assigned to a specific user, do the following:

    1. Click the Select User button.

    2. In the Select User dialog, select a user name, and then click OK.

    Only issues assigned to the selected user are shown in the Fortify Remediation window.

    To see only issues assigned to you, from the Filter By list, select Assignments and My Assignments.

  4. Click a folder (tab) to view the associated issues.

    The folders shown depend on your Group By, Filter By, Assigned User, and Filter Set selections. It is possible that not all folders are shown. The folders shown also depend on the issue template associated with the application version.

    The following table describes the folders that are visible when the Security Auditor View filter set is selected.

    | Folder | Description |
    |---|---|
    | Critical | This folder contains issues that have a high impact and a high likelihood of occurring. Issues at this risk level are easy to discover and to exploit and represent the highest security risk to a program. Remediate critical issues immediately. |
    | High | This folder contains issues that have a high impact and a low likelihood of occurring. High‑priority issues are often difficult to discover and exploit but can result in much asset damage. They represent a significant security risk to a program. Remediate these issues with the next patch release. |
    | Medium | This folder contains issues that have a low impact and a high likelihood of exploitation. Medium‑priority issues are easy to discover and exploit but often result in little asset damage. These issues represent a moderate security risk to a program. Remediate these issues as time permits. |
    | Low | This folder contains issues that have a low impact and a low likelihood of exploitation. Low‑priority issues are potentially difficult to discover and to exploit and typically result in little asset damage. These issues represent a minor security risk to the program. Remediate these issues as time permits. |
    | All | This folder contains all the issues. |

    Within each color-coded folder, issues are grouped into subfolders. At the end of each folder name, enclosed in brackets, is the number of audited issues and the total number of issues in the folder. For example, a folder with the name Command Injection - [1 / 3] indicates that one issue out of three categorized as Command Injection has been audited.

  5. Expand the Advanced Filter Options section to access the filter set and issue visibility settings.

  6. From the Filter Set list, select a filter to apply:

    • Select Security Auditor View to list all issues relevant to a security auditor.
    • Select Quick View to list only issues in the Critical folder (these have a potentially high impact and a high likelihood of occurring) and the High folder (these have a potentially high impact and a low likelihood of occurring).

    You might see different filter sets depending on the filter sets associated with the application you opened.

  7. Click to expand a folder and view the associated issues.

    The Fortify Extension for Visual Studio retrieves the corresponding issues from Application Security.

  8. Click an issue name to view the issue information.

    Selecting the check box for an issue opens the Bulk Audit tab where you can add audit information for multiple issues.

See Also

Grouping Issues

Searching for Issues