Reducing the noise using Fortify (2020)

In AppSec, security scan noise is an issue that slows down fast software development. Noise is all output that is considered irrelevant or not worth acting upon by users. If there is too much noise, this can have detrimental effects on the success of implementation:
- Security auditors can be swamped auditing results
- If this noise ends up with developers directly, they may lose confidence in the tool
There is a subset of scan findings where the Fortify static scan tool worked as intended; however, the issue is considered irrelevant due to the context, risk appetite, etc.
This explainer video walks through several tools within Fortify that help reduce the noise:
0:22 What is noise in AppSec
3:25 Fighting the noise
4:43 Prescan and During scanning
- Filter file
- File exclusions
- Custom Rules
6:33 Filtering in Fortify on Demand (FoD): Audit Template
8:22 Custom rules
11:38 Post Scan options
- Audit Assistant
- AWB/SSC Filters
16:02 Fortify on Demand options