About Audit Assistant Auto-Prediction

You can configure Fortify Software Security Center to send issues for Audit Assistant prediction automatically after FPRs are successfully uploaded and processed. (If you prefer to submit FPRs for prediction manually, then there is no need to configure auto-prediction.)

If both auto-predict and auto-apply are enabled for an application version, then Audit Assistant automatically applies predicted values to custom tags on new issues after prediction is completed. (Audit Assistant prediction results are always applied to an application version, but if auto-apply is not enabled, the information is stored only in Audit Assistant-specific tags. If auto-apply is enabled, Audit Assistant-specific values are also mapped to other tags, based on the configuration.)

Only unpredicted issues (uncovered by a supported analyzer) found at the end of FPR processing are automatically submitted to Audit Assistant for assessment. Once Audit Assistant has assessed an issue, it does not revisit that issue.

Enabling Auto-prediction

Enabling auto-prediction for an application version is a two-step process. First, an administrator enables it system-wide during Audit Assistant configuration. (See Configuring Audit Assistant.) After this, users can enable auto-prediction on a per-application-version basis from the PROFILE window. (See Enabling Auto-Apply and Auto-Predict for an Application Version.)