Uploading Scan Artifacts

The following procedure describes how to upload your scan artifacts to the Fortify Software Security Center database. For information about how to submit training metadata to Fortify Audit Assistant, see Submitting Training Data to Audit Assistant.

Note: As it inserts data into the database, Fortify Software Security Center truncates HTTP responses that contain more than 100,000 characters. Such responses are either cut off at the end, or contain \n\n...\n\n elsewhere in the response. This does not affect downloaded scans. It affects only the data displayed on the Fortify Software Security Center AUDIT page.

Important! The files you upload to Fortify Software Security Center must not exceed 2 GB.

Important! To upload third-party artifacts, you must have the correct parser configured. For information, see Adding and Managing Parser Plugins.

Also note that any raw scan file that contains third-party data must be packed into a ZIP file along with a scan.info metadata file. The scan.info property file must provide a value for the engineType property to identify the scanning engine that produced the results. That engine type must match the engine type registered by the configured parser plugin. The scan.info file can also provide a scanDate property value in ISO-8601 format. You can obtain the scan.info contents from https://github.com/fortify/sample-parser.
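The packaging rules above can be checked before upload. The following is an added example, not part of the Fortify documentation or the sample-parser project: it builds a third-party ZIP with a scan.info file and verifies it against the rules stated on this page. Assumptions: scan.info sits at the root of the ZIP and uses key=value lines, 2 GB is read as 2 × 1024³ bytes, and the helper names and the engine type EXAMPLE_ENGINE are constructed placeholders.

```python
import io
import zipfile
from datetime import datetime, timezone

MAX_UPLOAD_BYTES = 2 * 1024**3  # page says "2 GB"; binary interpretation is an assumption


def parse_properties(text):
    """Parse simple key=value lines, ignoring blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def build_third_party_zip(raw_name, raw_bytes, engine_type, scan_date=None):
    """Return ZIP bytes holding the raw scan file plus a scan.info metadata file."""
    scan_date = scan_date or datetime.now(timezone.utc).isoformat(timespec="seconds")
    info = f"engineType={engine_type}\nscanDate={scan_date}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("scan.info", info)  # assumed location: root of the archive
        zf.writestr(raw_name, raw_bytes)
    return buf.getvalue()


def check_artifact(zip_bytes, registered_engine_type):
    """Return a list of mismatches with the packaging rules described above."""
    problems = []
    if len(zip_bytes) > MAX_UPLOAD_BYTES:
        problems.append("file exceeds 2 GB")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if "scan.info" not in zf.namelist():
            return problems + ["scan.info missing from ZIP"]
        props = parse_properties(zf.read("scan.info").decode("utf-8"))
    engine = props.get("engineType", "")
    if not engine:
        problems.append("engineType not set")
    elif engine != registered_engine_type:
        problems.append(f"engineType {engine!r} does not match parser {registered_engine_type!r}")
    if "scanDate" in props:  # scanDate is optional, but must be ISO-8601 when present
        try:
            datetime.fromisoformat(props["scanDate"].replace("Z", "+00:00"))
        except ValueError:
            problems.append("scanDate is not ISO-8601")
    return problems
```

An empty list from check_artifact means the archive satisfies the size, engineType, and scanDate rules listed here; it does not confirm that the parser plugin accepts the raw scan content itself.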

To upload a scan artifact to the Fortify Software Security Center database:

  1. On the Dashboard or, for new applications, the Applications view, move your cursor to the application version for which you want to upload an artifact, and then select Artifacts from the shortcut menu.

  2. The ARTIFACT HISTORY table lists all scan artifacts uploaded for the application version.

  3. Click ARTIFACT.

  4. In the UPLOAD ARTIFACT dialog box, click + ADD FILES.

  5. Navigate to and select one or more (up to five) artifact files to upload.

    Formats supported for artifact upload are FPR, XML, GZ, and, for third-party artifacts, ZIP.

    The UPLOAD ARTIFACT dialog box lists the selected files.

  6. To remove a file from the list, click the trash icon for that file. To remove all of the listed files, click CLEAR.

  7. Click START UPLOAD.

    The dialog box displays a progress bar as each file is uploaded.

  8. After your files are successfully uploaded, click CLOSE.

    Note: If a scan artifact requires approval based on analysis result processing rules, it must be approved before Fortify Software Security Center can process it. For information, see Approving Analysis Results for an Application Version.

Viewing File Processing Errors

If there was an error in processing an uploaded artifact, the Status column of the ARTIFACT HISTORY table displays Error Processing, along with a circled number that indicates the number of processing rules violated.

To view information about the processing rules violated:

The Artifact Processing Messages box opens to display details about problems encountered during the upload.

See Also

Downloading Scan Artifacts

Setting Analysis Results Processing Rules for Application Versions

Using an Application Identifier to Upload FPR Files

Using an Application Name and Version to Upload FPR Files