Fortify Audit Assistant workflow

The workflow for using Fortify Audit Assistant is as follows:

  1. Update the Fortify Audit Assistant configuration after upgrading to version 23.2.0 or later. For detailed information, see Updating the Fortify Audit Assistant configuration .

  2. Obtain a Fortify Audit Assistant account.

    1. Go to https://analytics.fortify.com.

    2. Click the Need an Account? link.

      The Request a Fortify Audit Assistant Tenant window opens.

    3. Provide your company information and click Subscribe.

      After your information is verified, you will receive a welcome email.

  3. Log in to Fortify Audit Assistant and create one or more prediction policies.

    For detailed instructions on how to define prediction policies in Fortify Audit Assistant, see the Fortify Audit Assistant Help in the Fortify Audit Assistant Documentation.

  4. Obtain a Fortify Audit Assistant token.

    For detailed information, see the Fortify Audit Assistant Help in the Fortify Audit Assistant Documentation.

  5. From the Audit Assistant page in Application Security:

    • Configure and test the connection to Fortify Audit Assistant and then, click REFRESH POLICIES to populate the Default prediction policy list.
    • Specify a default prediction policy.
    • (Optional) Enable Application Security to automatically send unaudited issues to Fortify Audit Assistant for prediction.
    • (Optional) Enable Fortify Audit Assistant to automatically apply predicted values to custom tags.
      For detailed information, see Configuring Fortify Audit Assistant.

  6. From Application Security, open an application version, and submit the latest completely audited scan to Fortify Audit Assistant.

    This step is referred to as training. For more information, see Submitting Training Data to Audit Assistant.

  7. From Application Security, open an application version and submit its OpenText SAST analysis results to Fortify Audit Assistant.
  8. After Fortify Audit Assistant completes its assessment, view the results and, if necessary, adjust them.
  9. Submit corrected results to Fortify Audit Assistant.

See also

About prediction policies

Configuring Fortify Audit Assistant

Configuring Fortify Audit Assistant options for an application version

Enabling auto-apply and auto-predict for an application version

Submitting training data to Fortify Audit Assistant

Reviewing Fortify Audit Assistant results