[Research] Fortify SAST (SCA): Differences Between Quick View and Security Auditor View
2025-09-01
Official description
Quick View
The Quick View filter set provides a view of issues in the Critical folder (these have a potentially high impact and a high likelihood of occurring) and the High folder (these have a potentially high impact and a low likelihood of occurring). This filter set provides a useful first look at results that enables you to quickly address the most pressing issues.
Security Auditor View
This view reveals a broad set of security issues to be audited. The Security Auditor View filter contains no visibility filters, so all issues are shown.
********************************************************************************
ChatGPT
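| Item | Quick View | Security Auditor View |
| --- | --- | --- |
| Purpose | Lets senior management or project managers quickly grasp the risk status | Lets security staff or developers review vulnerabilities in detail |
| Content shown | Mainly shows summaries, statistics and trends for Critical / High issues | Shows all issues (Critical, High, Medium, Low, Info) with full code details |
| Filter settings | Built-in filter: hides Medium, Low, Info (they are still present in the FPR file) | No filter; shows the complete results |
| Intended audience | Management, decision makers | Security auditors, developers |
| Report characteristics | Dashboard-style summary report that highlights high-risk items | Detailed technical report; issue sources and remediation advice can be traced |
| Medium / Low / Info display | Hidden by default (may appear as 0 in Quick View, but the issues still exist) | All shown; nothing is hidden |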
********************************************************************************
Why does the Fortify SAST (SCA) Quick View show fewer Critical and High issues than the Security Auditor View?
https://shaurong.blogspot.com/2025/09/fortify-sast-sca-quick-view-cirtical.html
(End)