Configuring Audit Assistant
Fortify Software Security Center can work with Fortify Audit Assistant to help determine whether or not the issues returned in Fortify Static Code Analyzer scan results represent true vulnerabilities.
To configure Fortify Software Security Center to use Fortify Audit Assistant with your applications:
- Log in to Fortify Software Security Center as an administrator, and then, on the OpenText header, select Administration.
- In the left pane, select Configuration, and then select Audit Assistant.
- Configure the settings on the Audit Assistant page as described in the following table.

| Field | *Required | Description |
| --- | --- | --- |
| Enable Audit Assistant check box | | Select this check box to enable the remaining fields. |
| Authentication token | * | Paste the authentication token you obtained from Fortify Audit Assistant here. For instructions on how to get a token, select How do I get a token? or see Getting a Fortify Audit Assistant Authentication Token. |
| Fortify Audit Assistant server URL | * | Specify the URL for the Fortify Audit Assistant server. |
| Use SSC proxy for Audit Assistant | | If you have configured a proxy for all Fortify Software Security Center integrations (see Configuring a Proxy for Fortify Software Security Center Integrations), you can select this check box to use that proxy for Fortify Audit Assistant. |

- To test the connection to the Fortify Audit Assistant server, click TEST CONNECTION.
After the connection is successfully tested, you can go ahead and configure the following settings in the Audit settings section.
- Click REFRESH POLICIES to populate the Default prediction policy list with the current server policies on the Fortify Audit Assistant server.
Note: Audit Assistant prediction policies set for individual application versions can become invalid if available policies are changed on the Fortify Audit Assistant server. Fortify Software Security Center verifies new policies it receives from Fortify Audit Assistant every time a user clicks REFRESH POLICIES. If Fortify Software Security Center detects one or more invalid policies, it displays a table that shows the mapping from the original policy to the changed policy. You can then identify each obsolete policy and map its valid replacement. Fortify Software Security Center updates the policies based on the changes you submit in the mapping table.
- From the Default prediction policy list, select the name of the prediction policy to apply to all application versions. (Policies are defined in Fortify Audit Assistant.)
- If you plan to specify prediction policies at the application version level and override the default global prediction policy, select Enable specific application version policies. Otherwise, Fortify Audit Assistant uses the default global prediction policy you specified in the previous step.
Note: You can specify the policy for an application version from the APPLICATION PROFILE dialog box. For instructions, see Configuring Audit Assistant Options for an Application Version.
- To enable Fortify Software Security Center to automatically send issues not yet audited to Fortify Audit Assistant for assessment, select the Enable auto-predict check box. After you do, you must enable this functionality on a per-application version basis from the APPLICATION PROFILE window. (For information about the auto-predict feature, see About Audit Assistant Auto-Prediction.)
Note: If you enable auto-predict here, open the APPLICATION PROFILE dialog box for each application version for which you want to use auto-predict, and enable it there as well.
- To apply the analysis values that Audit Assistant assesses for issues to your Analysis custom tag values system-wide, select the Enable auto-apply check box. After you do, you must enable this functionality on a per-application version basis from the APPLICATION PROFILE window.
Note: If you enable auto-apply here, open the APPLICATION PROFILE dialog box for each application version for which you want to use auto-apply, and enable it there as well.
Important! Before you can use the auto-apply feature, you must first map Audit Assistant analysis tag values to Fortify Software Security Center Analysis tag values.
- If you selected the Enable auto-apply check box, and you want to map Audit Assistant analysis tag values to Fortify Software Security Center Analysis tag values now, click the here link to go to the Custom Tags page, and then follow the instructions provided in Mapping Audit Assistant Analysis Tag Values to Fortify Software Security Center Custom Tag Values.
- Click SAVE.