About Audit Assistant
Audit Assistant is an optional tool that connects Fortify Software Security Center to Fortify Scan Analytics. Through Scan Analytics, Audit Assistant helps determine whether the issues returned from Fortify Static Code Analyzer scan results represent true vulnerabilities or are false positives. To make its determinations, Audit Assistant needs data to establish a baseline for its audits. This data consists of the decisions users have made during scan audits about how to characterize the various issues uncovered in code scans.
You can use Fortify shared data (pooled, anonymized data from Fortify users and Fortify's security team), or use audit data that your own security team has completed. Audit Assistant's assessments of the actual threat that each issue represents become more accurate as it receives more training data.
You can submit training data (metadata derived from historical human-audited scan results) without having submitted anything for prediction.
Audit Assistant can also learn from corrections that are included in the training or prediction data set. A correction is registered after a user reviews the prediction Audit Assistant assigned to an issue, disagrees with it, adjusts the value, and then includes the issue in the data set for additional training.
The following sections describe how to obtain an authentication token (a key that lets you automate actions within Fortify Software Security Center without using a password; Fortify Scan Analytics also generates authentication tokens, which are required to configure a connection between Scan Analytics and Fortify Software Security Center) from Fortify Scan Analytics, and then use that token to configure a connection to Fortify Scan Analytics. Later sections describe how to prepare Scan Analytics for metadata submission, submit data, review Audit Assistant results, and then submit corrected audit data.
See Also
Enabling Auto-Apply and Auto-Predict for an Application Version