Enabling Auto-Apply and Auto-Predict for an Application Version

If your administrator has configured Audit Assistant, enabled auto-apply system-wide, and mapped the appropriate primary tag fields in the Custom Tags section of the ADMINISTRATION view, you can enable auto-apply for a specific application version.

Audit Assistant is an optional tool used to connect Fortify Software Security Center to Fortify Scan Analytics. Audit Assistant (through Fortify Scan Analytics) helps determine whether the issues returned from Fortify Static Code Analyzer scan results represent true vulnerabilities, or are false positives.

During audits, users assign values to custom tags to indicate which issues to address and in what order. The system supplies the default Analysis tag. Administrators and security leads can add custom tags to the system. To be considered audited, an issue must have a value assigned to its primary custom tag.

An application version is a particular iteration of the analysis of a codebase as it applies to Fortify Software Security Center. An application always begins with a first version. An administrator adds new versions, as needed.

If you enable auto-apply for an application version, then whenever you use Audit Assistant to request a prediction on your static analysis issues, Fortify Software Security Center applies those predictions to your custom tag values.

An application is a customer codebase evaluated by Fortify software. It is the top-level container for one or more application versions. When you work with a new codebase, the application and first application version are automatically created. An application includes one or more application versions that users create and configure.

When Audit Assistant automatically applies custom tag values to issues, the metadata saved for the issue shows that it was audited by Audit Assistant. A gray gavel displayed next to the custom tag name enables users to see that Audit Assistant predicted the issue.

To enable auto-apply for an application version:

  1. From the Fortify dashboard, select the link for the application version for which you want to enable auto-apply.

    The AUDIT page lists the issues associated with the application version.

  2. On the page header, click PROFILE.

  3. Select AUDIT ASSISTANT OPTIONS.

  4. To have Audit Assistant automatically send unaudited issues to Fortify Scan Analytics for assessment, select the Enable auto-predict check box. (For information on auto-prediction, see About Audit Assistant Auto-Prediction.)

    Fortify Scan Analytics is an application that helps you to determine which of the issues returned in Fortify Static Code Analyzer scan results represent true vulnerabilities, and which do not. To make its determinations, Scan Analytics needs data to establish a baseline for its audits. This data consists of the decisions users have made during scan audits about how to characterize various issues uncovered in code scans.

    An assessment is the overall process of reviewing, triaging, and acting on a particular scan or analysis (same as scan). Auto-prediction is the automatic prediction (or assessment) of unassessed issues by Audit Assistant (through Fortify Scan Analytics).

  5. Select the Enable auto-apply check box.

    If your primary tag values are not mapped to Audit Assistant, Fortify Software Security Center displays a warning to that effect and advises you to contact your administrator.

  6. Click APPLY.
  7. Fortify Software Security Center prompts you to confirm that you want to save your settings.

  8. Click OK.
  9. Click CLOSE.

See Also

Configuring Audit Assistant