Setting the strategy for resolving issue audit conflicts
If multiple auditors are working on the same issue using different products (Application Security, Fortify Audit Workbench, or any of the Secure Code Plugins), they might assign different values to a given custom tag. Previously, if Application Security detected an audit conflict such as this, it ignored all client-side changes and resolved the conflict in favor of the existing custom tag value on Application Security.
Conflict resolution is not necessary if these auditors work within the same Application Security instance.
Example of the default strategy for resolving audit conflicts
1. Fortify Audit Workbench users A and B are both auditing the most recent analysis results for the same application version.
2. User A sets custom tag values for the issues uncovered and uploads the results to Application Security.
3. Application Security accepts the upload and changes the custom tag values for the issues based on the values that user A set for them. Now, the tag values user A set are the current custom tag values for these issues on Application Security.
4. On a different Fortify Audit Workbench instance, user B sets custom tag values for the same issues that user A audited and uploads the results to Application Security. Application Security detects that one or more of the custom tag values that B submitted conflict with the values that user A submitted for the same issues.
Result: Application Security ignores the audit results from user B and retains the values set by user A.
Application Security applies this strategy across all application versions.
You can change this strategy so that Application Security resolves audit conflicts in favor of the most recent changes.
To perform this task, you must have the "Manage issue audit settings" permission.
To set the strategy Application Security uses to resolve audit conflicts:
1. Sign in to Application Security as an Administrator.
2. On the header, select Administration.
3. On the navigation pane, expand Configuration, and then select Issue Audit.
4. From the Issue audit conflict resolving strategy list, select one of the following:
   - Conflicts are resolved in favor of the SSC changes (the default)
   - Conflicts are resolved in favor of the most recent changes
5. Click SAVE.
6. To implement your changes, restart the Application Security server.
After you change the setting, the new strategy is applied only to new uploads. All previous conflict resolution results remain unchanged.