Login/Register
Export HP Fortify SCA 4.10 results in EXCEL format
Asked Answered
fortify
S

3

8

I scanned with HP Fortify SCA 4.10 . Now I would like to export the raw results into Excel format to do data massaging to generate pivot tables. Can anybody suggest a easy or hard way to do it.

Squamation answered 23/7, 2014 at 10:48 Comment(3)
Did you figure out a way to do this? Looks like Fortify can only export to PDF, RTF, and XML.Labourite
What is the CMD or Bat file in the Fortify install folder that can generate the excel report?Tanatanach
AS of today, the Fortify cannot generate an excel report. There are 190+ tables in the Fortify DB, to get a configurable report for user specified columns, you need to query multiple tables, so it is difficult to achieve. However, in SCA4.40 release and newer, there is a BIRTReportGenerator.cmd which allows you to query DB columns to get your own report.Sheave
S
8

Reference this url for the DB script to get the EXCEL format (export DB output to Excel): How to diff Fortify SCA scans

Generate a pdf/rtf/xml Report from an existing FPR

  1. ~AWB_Installation_Dir/bin/ReportGenerator -format pdf -f outputFile.pdf -source existing.fpr (replace pdf to your target format, excluding excel format)

Generate a XML Report in AWB

  1. Open Audit Workbench and load your FPR file.

  2. Generate a Report (click the "Reports" button, "Generate Report" window popped up).

    a. Select Report = "Fortify Developer Workbook" (drop down menu)

    b. In "Refine Issues in Subsection" field, paste category:!"" (or click Advanced..", and select Category, is not, )

    c. Click "Save Report"

    d. Set the Format to "XML Report" and set the destination location.

    e. Click "Save" to generate the report.

Configure Excel 2013

First you need to make sure the developer tab is enabled.

a. In Excel, click on File->Options->Customize Ribbon

b. Make sure "Developer" is checked on the right side under "Customize the Ribbon: Main Tabs"

c. Click OK.

Import the XML Schema

Now click on the Developer tab.

a. In the XML section, click on the Source button. An "XML Source" panel will appear on the right side.

b. Click on the "XML Maps" button.

c. Click on the Add button.

d. Navigate to "<HP Fortify SCA install dir>\Core\config\schemas" and select "ReportDefinition.xsd".

e. In the list that appears, select "ReportDefinition", then click OK.

f. Click OK.

Configure the Worksheet Columns

In the "XML Source" panel select the columns that you would like in the table. For example:

a) under Issue, select Category and drag-n-drop it to cell A1.

b) select Friority and drag-n-drop it to B1

c) select FileName under Source and drag-n-drop it to C1

d) under Tag, select Name and drag-n-drop it to D1

e) select Value and drag it to E1

You can select whatever columns you like.

Select the Data Source and Generate the Table Data

  1. Right click on the highlighted area (cells A1 --> E2) and select XML --> Import.

  2. Locate the XML Report that you generated in Audit Workbench.

Now you have yourself an excel worksheet for FPR results.

Sheave answered 4/8, 2015 at 6:45 Comment(4)
What is the CMD or Bat file in the Fortify install folder that can generate the excel report?Tanatanach
A tip for Audit Workbench v4.40: you must select Tools --> Generate Legacy Report in order to generate a report in XML format.Perseverance
@Nicholas DiPiazza: There are no direct command to generate .xml file. The fastest way is to query DB. Otherwise the method posted here is the only way I know of.Sheave
@Nicholas DiPiazza: sorry for typo: There are no command to generate EXCEL fileSheave
B
4

Sorry for the late response, but I just discovered this stack. Here is the START of a way for you to do this.

In FortifyInstallRoot\Core\resources\sca there is an xsl. If you extract the audit.fvdl file from your FPR (FPRs are just zip files) and add this as the 2nd line: <?xml-stylesheet type="text/xsl" href="fvdl2html.xsl"?> Then, rename the audit.fvdl to audit.fvdl.xml, you can open it in a browser and it will be formatted. You could take the stylesheet (the .xsl) and modify it to your purposes.

Barthel answered 27/8, 2014 at 14:40 Comment(2)
What is the CMD or Bat file in the Fortify install folder that can generate the excel report?Tanatanach
I followed your steps and got the browser to display the data (thank you). By any chance you know a permanent way so the FPR can be displayed on browser by default without manual intervention?Sheave
B
0

You can also copy and paste selected results from Audit Workbench to Excel. Copy command: Ctrl-Shift-Alt-C Paste using text import and split on comma instead of space.

Balancer answered 11/11, 2019 at 15:1 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.