Using Audit Assistant

The following sections describe the Audit Assistant workflow, prediction policies and how to use them, how to enable metadata sharing, how to submit data to Audit Assistant, and how to review Audit Assistant results.

Audit Assistant Workflow

The workflow for using Audit Assistant is as follows:

  1. Obtain a Fortify Scan Analytics account, as follows:

    1. Go to https://analytics.fortify.com.

    2. Click Need an Account?

    3. Complete the fields on the Request a Fortify Scan Analytics Tenant form, and then click Request Now.

    Fortify sends an email with information about how to connect to Fortify Scan Analytics.

  2. From Fortify Scan Analytics, create one or more policies.
  3. (Optional) Choose to share anonymous metadata.
  4. Obtain a Fortify Scan Analytics token.
  5. From Fortify Software Security Center:

    • Configure and test the connection to Fortify Scan Analytics and then, on the Audit Assistant Configuration page, click REFRESH POLICIES to populate the Default prediction policy list (see Configuring Audit Assistant).
    • Specify a default prediction policy.
    • (Optional) Enable Audit Assistant to automatically send unaudited issues to Fortify Scan Analytics for prediction.
    • (Optional) Enable Audit Assistant to automatically apply predicted values to custom tags.
  6. From Fortify Software Security Center, open an application version, and submit the latest completely audited scan to Audit Assistant. This step is referred to as training.
  7. From Fortify Software Security Center, open an application version and submit its Fortify Static Code Analyzer scan results to Audit Assistant.
  8. After Audit Assistant completes its assessment, view those results and, if necessary, adjust them.
  9. Submit corrected results to Audit Assistant.

The following sections describe how to obtain an authentication token from Fortify Scan Analytics, and then use that token to configure a connection to Fortify Scan Analytics. Later sections describe how to prepare Scan Analytics for metadata submission, submit data, review Audit Assistant results, and then submit corrected audit data.

See Also

About Prediction Policies

Defining Prediction Policies

Configuring Audit Assistant

Enabling Auto-Apply and Auto-Predict for an Application Version

Enabling Metadata Sharing

Submitting Training Data to Audit Assistant

Reviewing Audit Assistant Results