Reputation: 2663
For documentation purposes, I want to prepare a list of all the rules HP Fortify applies to code.
For example, Sonar provides a JSON web service (http://nemo.sonarqube.org/api/rules/search?languages=java) which lists all the rules Sonar applies to the code.
Is there any way I can find a list of all the Fortify rules applied to a piece of code?
I checked the post "How can I see all the rules of Fortify Secure Coding Rules?", but I think the author of that post wanted to look at the code/implementation of each rule. I do not want to know how the rules are implemented. I simply want the list of rules that Fortify applies to the code.
Upvotes: 2
Views: 6758
Reputation: 12266
Fortify has a list of the rules online. You can search vulncat by language. For example, here are all the Java rules. On the left side, you can change the language to any of the supported ones to see the rules for that language.
Upvotes: 2
Reputation: 1461
This is a proprietary implementation detail of Fortify SCA. They will probably not tell you how to obtain this information.
But try adding the arguments -debug and -debug-verbose and -logfile to your -scan command, and you may see some or all of the rules in the log file.
Upvotes: 0