Micro Focus

Fortify Extension for Visual Studio

Software Version: 21.2.0


User Guide


Document Release Date: November 2021 Software Release Date: November 2021



Legal Notices

Micro Focus The Lawn

22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK

https://www.microfocus.com

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.


Copyright Notice

© Copyright 2009 - 2021 Micro Focus or one of its affiliates

Trademark Notices

All trademarks, service marks, product names, and logos included in this document are the property of their respective owners.

Documentation Updates

The title page of this document contains the following identifying information:


This document was produced on November 01, 2021. To check for recent updates or to verify that you are using the most recent edition of a document, go to:

https://www.microfocus.com/support/documentation


Contents


Preface                                           7 Contacting Micro Focus Fortify Customer Support                      7 For More Information                                   7 About the Documentation Set                               7 Fortify Product Feature Videos                               7


Change Log                                          8


Chapter 1: Introduction                                    10 Fortify Extension for Visual Studio                             10 Fortify Security Content                                  11 About Analyzing the Source Code                             11 Installation                                        12 Upgrades                                         12

Related Documents                                    12 All Products                                      13 Micro Focus Fortify ScanCentral SAST                          14 Micro Focus Fortify Software Security Center                       14 Micro Focus Fortify Static Code Analyzer                         15


Chapter 2: Using the Fortify Extension for Visual Studio                 16

Working with Fortify Software Security Center                    16 Configuring a Connection to Fortify Software Security Center             17 Logging in to Fortify Software Security Center                   17 Synchronizing with Fortify Software Security Center                 18

About Updating Security Content                            19 Configuring Security Content Updates                         19 Updating Security Content                              20 Scheduling Automatic Security Content Updates                    21 Manually Updating Security Content                         21 Importing Custom Security Content                          21



About Scanning Locally                                 22 About Quick Scan Mode                               22 Configuring Local Scan Options                            22 Configuring Advanced Local Scan Options                       24 Scanning Projects or Solutions Locally                         26

About Scanning with Fortify ScanCentral SAST                   26 Configuring Fortify ScanCentral SAST Options                  27 Scanning Projects or Solutions with Fortify ScanCentral SAST            29 Advanced Scanning of Solutions with Fortify ScanCentral SAST            30

Viewing Analysis Results                                 32 Analysis Results Window                                33 Filter Sets                                     33 Folders (Tabs)                                   34 Group By List                                    34 Customizing the Issues Display                            34 Viewing Project Summary Information                          35 Analysis Trace Window                                 36 Issue Auditing Window                                 38 Code Editor                                      42 Grouping Issues                                    43 Creating a Custom Group By Option                         44 Searching for Issues                                  45 Search Modifiers                                  46 Search Query Examples                               52 Performing Simple Searches                             52 Performing Advanced Searches                           53 Filtering Issues with the Audit Guide                           54

Auditing Analysis Results                                  55 Auditing Issues                                     56 Suppressing Issues                                   57 Viewing Suppressed Issues                              57 Submitting an Issue as a Bug                               57

Using Issue Templates                                  57 Saving Issue Templates                                58 Exporting Issue Templates                               58 Importing Issue Templates                               59

Configuring Custom Tags for Auditing                         59



Adding a Custom Tag                                  60 Hiding a Custom Tag                                  61

Creating a Filter Set                                  62 Creating a Filter from the Analysis Results Window                   62 Creating a Filter from the Filters Tab                          63 Copying a Filter to Another Filter Set                         64

Managing Folders                                      64 Creating a Folder                                     64 Adding a Folder to a Filter Set                              65 Renaming a Folder                                    66 Removing a Folder                                    66

Generating Analysis Results Reports                            67 BIRT Reports                                     67 Generating BIRT Reports                              69 About Legacy Reports                                 71 Generating Legacy Reports                             71 Legacy Report Templates                              72 Opening Legacy Report Templates                        72

Working with Audit Projects                                78 Opening Audit Projects                                78 About Merging Audit Data                               79 Merging Audit Data                                  79 Performing a Collaborative Audit                            79 Uploading Results to Fortify Software Security Center                  80

Integrating with a Bug Tracker Application                        81 Filing Bugs to Azure DevOps Server                         81

Troubleshooting                                      82 Enabling Debug Mode                                 82 Locating the Log Files                                  82


Chapter 3: Remediating Results from Fortify Software Security Center          83

Working with Applications                              83 Connecting to a Fortify Software Security Center Application              83 Viewing and Selecting Issues in an Application                    84

Working with Issues                                    86 Audit Tab                                       86 Recommendation Tab                                  88



Details Tab                                      88 History Tab                                      89 Customizing Issue Visibility                               89 Searching for Issues                                  89 Assigning Users to Issues                                89 Assigning Tags to Issues                                90 Locating Issues in Source Code                             90


Send Documentation Feedback                              91

Preface


Preface


Contacting Micro Focus Fortify Customer Support

Visit the Support website to: