Working with Application Settings

Application settings apply to applications and generally override settings that are made in scan settings. Application settings such as scan priority, data retention, SAST correlation, domain restrictions, and private data settings are created and maintained by Fortify Software Security Center users who have permission to manage ScanCentral DAST deny intervals and other global settings.

Application Settings are Global Settings

Global settings are those that apply or may apply to all of your applications, scans, scan schedules, sensors, or sensor pools.

Priority

Scans for an application are run using a priority ranking from 0 to 10, where 0 is the lowest priority and 10 is the highest. Applications are configured with a default priority level in the application settings. For more information, see Configuring Scan Priority or Configuring Scan Priority in Base Settings.

Data Retention

When a scan is run, it creates several artifacts, including scan logs, an FPR, a site tree, and a scan file. Configuring data retention settings for an application can aid in preventing your ScanCentral DAST database from becoming full. Purging the scan data from ScanCentral DAST does not delete the FPR from Fortify Software Security Center.

Applicable Scans for Domain Restrictions

Domain restrictions allow the scanning of a specific IP address, range of IP addresses, or a domain or host. Application setting domain restrictions apply only to Standard scans or API scans that use a start URL.