Enabling Metadata Sharing

You can contribute your auditClosedThe process of assessing an application or program for security vulnerabilities. metadata to the Fortify Community Intelligence dataClosedPooled, anonymized data from Fortify users, data that a security team has completed, or data from both sources. Audit Assistant (and Scan Analytics) use this as training data to assess the actual threat that issues represent. Audit Assistant assessments become more accurate as it receives more Fortify Community Intelligence data. set (pool of anonymous auditing metadata from Fortify users). If you do, you can take advantage of the Fortify Community Intelligence data pool to assess your own data. Otherwise, Audit AssistantClosedAn optional tool used to connect Fortify Software Security Center to Fortify Scan Analytics. Audit Assistant (through Fortify Scan Analytics) helps determine whether the issues returned from Fortify Static Code Analyzer scan results represent true vulnerabilities, or are false positives. restricts the metadata it uses to assess your issues to just the training metadata you submit.

Note: If you submit no training data and you do not enable metadata sharing, then Fortify Scan AnalyticsClosedAn application that helps you to determine which of the issues returned in Fortify Static Code Analyzer scan results represent true vulnerabilities, and which do not. To make its determinations, Scan Analytics needs data to establish a baseline for its audits. This data consists of the decisions users have made during scan audits about how to characterize various issues uncovered in code scans. Fortify Scan Analytics assesses no issues.

To enable data sharing:

  1. Log in to Fortify Scan Analytics (https://analytics.fortify.com).

  2. In the left panel, select Settings.

  3. Select the Share anonymous issue metrics check box.

  4. Click Save.

See Also

About Prediction Policies

Configuring Audit Assistant