Always Use Default Scan Settings

Question

When running a Fortify scan, which settings should I use in answer to the questions “How concerned about security are you,” “Are you concerned about code quality,” “Is this a J2EE Web application,” and “Does this program run with escalated privileges?”

Answer

When running a Fortify scan, it is important to configure everything properly so no issues are hidden or overlooked. When presented with the following screen, you should always use the default values (highlighted in red):

[Screenshot: Leave wizard guide settings at default values]

You should always select those options, even if they do not strictly apply to your project. This ensures that no issues will be hidden. As a reminder, no issues should ever be hidden or suppressed.
