Mapping Audit Assistant Analysis Tag Values to Fortify Software Security Center Custom Tag Values

If, when you configured Audit Assistant (see Configuring Audit Assistant), you enabled Audit Assistant auto-apply, you must next map Audit Assistant analysis tag values to Fortify Software Security Center custom tag values for one or more list-type custom tags. After you do, you can start using the automated auditing feature.

Audit Assistant: An optional tool used to connect Fortify Software Security Center to Fortify Scan Analytics. Audit Assistant (through Fortify Scan Analytics) helps determine whether the issues returned from Fortify Static Code Analyzer scan results represent true vulnerabilities, or are false positives.

Custom tag: During audits, users assign values to custom tags to indicate which issues to address and in what order. The system supplies the default Analysis tag. Administrators and security leads can add custom tags to the system. To be considered audited, an issue must have a value assigned to its primary custom tag.

Note: For Audit Assistant auto-apply to work, you must designate the mapped custom tag as the primary custom tag from the APPLICATION PROFILE dialog box for the application version.

Primary custom tag: A list-type custom tag to which a user must assign a value in order to successfully complete the audit of an issue. An application version must have a primary custom tag assigned to it for auditing. By default, the Analysis tag is the primary tag.

Application version: A particular iteration of the analysis of a codebase as it applies to Fortify Software Security Center. An application always begins with a first version. An administrator adds new versions, as needed.

To map Audit Assistant analysis tag values to Fortify Software Security Center list-type custom tag values:

  1. After you configure Audit Assistant (and enable Audit Assistant auto-apply), do one of the following:

    • In the left panel of the ADMINISTRATION view, select Templates, and then select Custom Tags.

    Or

    • If you enabled auto-apply, click the here link at the bottom of the Audit Assistant page.

    The Custom Tags page opens.

  2. Expand the row for a list-type custom tag (such as Analysis) for which you want to map values.

  3. At the bottom right of the expanded section, click EDIT.

    The custom tag values listed in the table become editable, and the Audit Assistant Training section is visible.

  4. In the table of tag values, select the Edit value icon for a listed value.

    The EDIT VALUE dialog box opens.

  5. Under AA Custom Tags, select the check box for the value you issues that have this custom tag value.

  6. Click APPLY.

    The list of custom tag values now shows the value you just mapped for Audit Assistant.

  7. Complete steps 4 through 6 for all of the values that you want to map for automated auditing.

  8. Click SAVE.

    Note that after you save your mapping, Fortify Software Security Center displays a gavel icon to the right of the custom tag name.

Note: The Audit Assistant Training section is used for data training purposes. For information about how to configure this section, see Adding Custom Tags to the System.