About Audit Assistant

Audit Assistant is an optional tool that you can use with Fortify Scan Analytics to help determine whether the issues returned in Fortify Static Code Analyzer scan results represent true vulnerabilities. To make its determinations, Audit Assistant needs data to establish a baseline for its audits. This data consists of the decisions users have made during scan audits about how to characterize various issues.

You can use Fortify shared data (pooled, anonymized data from Fortify users and Fortify's security team), or use audit data that your own security team has completed. Audit Assistant’s assessments of the actual threat that each issue represents become more accurate as it receives more training data.

You can submit training data (metadata derived from historical human-audited scan results) without having submitted anything for prediction.

Audit Assistant can also learn through corrections that are included in the training or prediction data set. A correction is registered after a user reviews the prediction Audit Assistant assigned to an issue, disagrees with it, adjusts the value, and then includes the issue in the data set for additional training.

The following sections describe how to obtain an authentication token from Fortify Scan Analytics, and then use that token to configure a connection to Fortify Scan Analytics. Later sections describe how to prepare Scan Analytics for metadata submission, submit data, review Audit Assistant results, and then submit corrected audit data.

See Also

Configuring Audit Assistant

Enabling Auto-Apply and Auto-Predict for an Application Version

Using Audit Assistant

About Prediction Policies

Defining Prediction Policies

Enabling Metadata Sharing

Submitting Training Data to Audit Assistant

Reviewing Audit Assistant Results