About Prediction Policies
To use Audit Assistant to process your scan results, you must first define at least one prediction policy in Fortify Scan Analytics. Prediction policies determine the confidence thresholds that Audit Assistant (and Fortify Scan Analytics) uses to determine which issues to treat as indeterminate - that is, neither a true issue nor a non-issue.
Note: During Audit Assistant configuration, the administrator selects a default global prediction policy, which Scan Analytics uses for the application version if no prediction policy is specified for that application version. If a prediction policy is specified for an application version, then Scan Analytics uses that policy to assess issues.
See Also
About Audit Assistant Auto-Prediction
Configuring Audit Assistant Options for an Application Version
Configuring Audit Assistant