Trigger audit

Prerequisite

To trigger an audit:

  1. Log in to your Fortify Software Security Center session:

     fcli ssc session login --url <ssc_url> -u <user_name> -p <ssc_password>

  2. Create a user session to interact with SAST Aviator:

     fcli aviator session login --url <aviator_server_url> --token <access_token>

     Note: By default, the value of --token is treated as a file path. To supply the access token in another form, prefix the value with file:<local file containing the key>, string:<key string value>, or env:<name of the environment variable containing the key>.

     Create the user session before auditing.

     If you cannot locate your access token, contact your customer administrator.

     Optional argument                 Description                         Default value
     --av-session, --aviator-session   Name of the Aviator user session.   default

  3. Audit the application version:

     fcli aviator ssc audit --av <application_version_name:id>

     Optional argument                 Description                                                                            Default value
     --app                             Name of the Aviator application. If not specified, the build ID of the FPR is used.    FPR build ID
     --tag-mapping                     YAML file that overrides the default tag mapping. See Audit tag mapping.               tag mapping.yaml
     --ssc-session                     Name of the SSC session to use for auditing.                                           default
     --av-session, --aviator-session   Name of the Aviator user session.                                                      default

     Processing the FPR can take a few minutes; the duration depends on the size of the FPR.

     Note: You can use the same access token to audit multiple FPRs in different terminals at the same time, but each FPR can be audited only once.

  4. Once SAST Aviator has processed the FPR, the action status and the number of audited issues are displayed, and SAST Aviator uploads the audited FPR back to the Fortify Software Security Center application version. To review the results:

     1. Open the Fortify Software Security Center application and go to Applications > Artifacts.

     2. Click each row to view the audit details, such as the analysis tag, the remediation comment, and the highlighted vulnerable code segment.
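As an added example (not part of the Fortify documentation or of fcli itself), the script below strings the steps above together for a batch of application versions: SSC login, Aviator login, one audit per version, then logout. It uses the documented env:<name> prefix so the Aviator access token is never placed on the command line, where it would be visible in process listings and shell history. Everything else is an assumption: the environment variable names SSC_URL, SSC_USER, AVIATOR_URL and AVIATOR_TOKEN are the script's own; FCLI_DEFAULT_SSC_PASSWORD is assumed to be fcli's environment-variable form of the -p option (verify with fcli ssc session login -h, and fall back to -p if your version does not honour it); the session logout commands are assumed to exist; and the --av values are passed through in the form the page shows.

```shell
#!/bin/sh
# Added example, not part of the Fortify documentation or of fcli itself:
# drive the "Trigger audit" procedure (SSC login, Aviator login, audit, logout)
# for a list of application versions from one script.
#
# Assumptions (none of these names come from the page):
#   SSC_URL, SSC_USER, AVIATOR_URL, AVIATOR_TOKEN  - set by the caller
#   FCLI_DEFAULT_SSC_PASSWORD - assumed environment-variable form of the -p
#       option of `fcli ssc session login`; verify with `fcli ssc session login -h`
#   `fcli ssc session logout` and `fcli aviator session logout` - assumed to exist
set -u

FCLI="${FCLI:-fcli}"   # fcli executable; override to point at another build

# Fail early with a clear message rather than letting fcli prompt or hang.
require_env() {
  for name in "$@"; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing environment variable: $name" >&2
      return 1
    fi
  done
}

# Step 1: SSC session. The password is read by fcli from
# FCLI_DEFAULT_SSC_PASSWORD (assumed), so it never shows up in `ps` output or
# in shell history the way `-p <ssc_password>` on the command line would.
ssc_login() {
  "$FCLI" ssc session login --url "$SSC_URL" -u "$SSC_USER"
}

# Step 2: Aviator session. env:<name> is the documented --token prefix that
# makes fcli read the access token from the named environment variable, so the
# secret itself never appears on the command line.
aviator_login() {
  "$FCLI" aviator session login --url "$AVIATOR_URL" --token env:AVIATOR_TOKEN
}

# Step 3: audit one application version (value in the form the page shows for
# --av). The exit status is fcli's, so a failure such as re-auditing an FPR
# that has already been audited (an FPR can be audited only once) is reported
# per version instead of aborting the whole batch.
audit_one() {
  "$FCLI" aviator ssc audit --av "$1"
}

# Cleanup: drop both sessions so cached credentials do not outlive the run.
logout_all() {
  "$FCLI" aviator session logout || true
  "$FCLI" ssc session logout || true
}

# Run the whole procedure for every version given as an argument.
# Returns 0 when every audit succeeded, the number of failed audits otherwise,
# or 99 when the environment or one of the logins is not usable.
run_audits() {
  failed=0
  require_env SSC_URL SSC_USER FCLI_DEFAULT_SSC_PASSWORD AVIATOR_URL AVIATOR_TOKEN || return 99
  ssc_login || return 99
  aviator_login || { logout_all; return 99; }
  for av in "$@"; do
    if audit_one "$av"; then
      echo "audited: $av"
    else
      echo "FAILED:  $av" >&2
      failed=$((failed + 1))
    fi
  done
  logout_all
  return "$failed"
}

# Entry point: only runs when versions are passed on the command line, e.g.
#   ./aviator-audit.sh "MyApp:1.0" "MyApp:2.0"
if [ "$#" -gt 0 ]; then
  run_audits "$@"
fi
```

Run it as ./aviator-audit.sh <av> [<av> ...] after exporting the variables listed in the header; a non-zero exit status tells a CI job how many audits failed, while the per-version lines on stderr say which ones, and both sessions are dropped even when a login or an audit fails.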