User Guide
Chapter 3: Using Fortify Security Assistant
Fortify Security Assistant creates the Fortify issues suppression file (.FortifyIgnore) in the same
directory as your project solution when you first suppress an issue category. You can edit this file
using a text editor. After you make changes to the issue suppression file, re-analyze your solution to
apply the suppressions.
Each line in this file can contain either:
• Suppression of a Fortify category
  Specify the full Fortify category to suppress issues of that category for all files in the project.
  Fortify Security Assistant adds a line to the .FortifyIgnore file each time you suppress a
  category in the Error List window.
  For example:
    ASP.NET Misconfiguration: Debug Information
    Cookie Security: HTTPOnly not Set on Application Cookie
• Suppression of all issues in one or more files
  For example, you might want to use this to suppress all issues in files that contain generated code.
  The syntax for this type of suppression follows these rules:
  • The first character must be a slash (/) or backslash (\).
  • Use a single asterisk (*) to represent zero or more file name characters.
  • Use two asterisks (**) to represent zero or more directories or all directory contents when
    specified at the end of the line.
  • Paths must be relative to the .FortifyIgnore file location. You can use either the slash or
    backslash as the directory separator.
  For example, the following line suppresses all configuration issues for any file with the .xml
  extension in the Generated directory:
    /**/Generated/*.xml
  The following example suppresses all configuration issues in one specific file:
    /my/full/path/file.config
  The following example suppresses all configuration issues in all files with the .config extension in
  the root solution directory:
    /*.config
  The following example suppresses all configuration issues for all files in the test directory:
    /test/**
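Because a file suppression hides every issue in the files it matches, it helps to list what each pattern covers before committing a change to .FortifyIgnore. The following Python sketch is an added example, not code from Fortify Security Assistant: it interprets the syntax rules above to report which project files a suppression file would silence. The function names, the sample file list, and case-insensitive matching are assumptions.

```python
import re

def parse_ignore(text):
    """Split .FortifyIgnore text into (categories, path_patterns)."""
    categories, patterns = [], []
    for line in (l.strip() for l in text.splitlines()):
        if line:
            # Guide rule: a file suppression starts with a slash or backslash.
            (patterns if line[0] in "/\\" else categories).append(line)
    return categories, patterns

def pattern_to_regex(pattern):
    """Translate one path pattern into a regex, following the guide's rules."""
    p = pattern.replace("\\", "/")          # either separator is allowed
    tail = p.endswith("/**")                # ** at end of line: all directory contents
    if tail:
        p = p[:-3]
    parts = re.split(r"(/\*\*(?=/)|\*)", p)
    table = {"/**": "(?:/[^/]+)*",          # ** = zero or more directories
             "*": "[^/]*"}                  # *  = zero or more file name characters
    body = "".join(table.get(x, re.escape(x)) for x in parts)
    # Assumption: case-insensitive matching, as on Windows file systems.
    return re.compile(body + ("/.*" if tail else ""), re.IGNORECASE)

def suppressed_files(ignore_text, files):
    """Map each suppressed file (path relative to .FortifyIgnore) to its pattern."""
    _, patterns = parse_ignore(ignore_text)
    compiled = [(raw, pattern_to_regex(raw)) for raw in patterns]
    hits = {}
    for f in files:
        rel = "/" + f.replace("\\", "/").lstrip("/")
        for raw, rx in compiled:
            if rx.fullmatch(rel):
                hits[f] = raw
                break
    return hits

# Constructed sample input: suppression lines from the guide, made-up file list.
SAMPLE_IGNORE = ("ASP.NET Misconfiguration: Debug Information\n"
                 "/**/Generated/*.xml\n/my/full/path/file.config\n"
                 "/*.config\n/test/**\n")
SAMPLE_FILES = ["web.config", "src/web.config", "src/Generated/Model.xml",
                "test/unit/FooTests.cs", "src\\Login.cs", "my/full/path/file.config"]

if __name__ == "__main__":
    for path, rule in suppressed_files(SAMPLE_IGNORE, SAMPLE_FILES).items():
        print(f"{path}: all issues suppressed by {rule}")
```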
Micro Focus Fortify Security Assistant Extension for Visual Studio (22.1.0)