Incorrect submission materials potentially provided

Question

What does the Fortify scan issue “Incorrect submission materials potentially provided” mean, how can I detect it, and how can I fix it?

Answer

This scan issue indicates that the Fortify scan file(s), or the zip(s) of scanned code, or both may not have belonged to the application being reviewed. There are many potential causes for this issue.

How to detect

Fortify scan file(s) and zip(s) of scanned code should be reviewed to ensure that they belong to the application being reviewed, and that they are the correct versions of those items.

How to resolve

The appropriate resolution depends on the reason for the detected differences:

  • If this is a different application than was previously submitted under this application ID, it must be submitted as a unique application with its own ID. If the application has not yet been registered and does not have an application ID, please start by registering the application.
  • If parts of the application are no longer being scanned or there has been a major structural change to the application that may have led to this issue, please include a readme file with future code review submissions describing the change and the reasons for it. If possible and appropriate, please provide a mapping between the old structure and the new structure.
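The following is an added example, not part of the original page or of any Fortify tooling. It sketches one way to check a new zip of scanned code against the previous submission before sending it, and to draft the old-to-new path mapping for the readme by pairing files whose content is unchanged but whose path moved. The function names, the sample archives and the overlap figure are assumptions made for illustration, not the review process's own detection logic.

```python
import hashlib
import io
import zipfile


def manifest(zip_bytes):
    """Return {path: sha256 hex} for every regular file in a zip archive."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                out[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return out


def compare(old, new):
    """Compare two manifests: path overlap, moved-file mapping, removed and added files."""
    same_path = set(old) & set(new)
    union = set(old) | set(new)
    overlap = len(same_path) / len(union) if union else 1.0
    # Index new-only files by content hash so unchanged files that moved can be paired.
    new_by_hash = {}
    for path in sorted(set(new) - same_path):
        new_by_hash.setdefault(new[path], []).append(path)
    moved, removed = {}, []
    for path in sorted(set(old) - same_path):
        candidates = new_by_hash.get(old[path])
        if candidates:
            moved[path] = candidates.pop(0)   # same bytes, different path
        else:
            removed.append(path)              # no longer submitted (or edited and moved)
    added = sorted(p for paths in new_by_hash.values() for p in paths)
    return {"overlap": overlap, "moved": moved, "removed": removed, "added": added}


def _make_zip(files):
    """Build an in-memory zip from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


# Constructed sample: src/ was renamed to app/ between two submissions.
OLD_ZIP = _make_zip({"src/login.py": b"def login(): pass\n", "src/db.py": b"import sqlite3\n", "README.md": b"v1\n"})
NEW_ZIP = _make_zip({"app/login.py": b"def login(): pass\n", "app/db.py": b"import sqlite3\n", "README.md": b"v2\n", "app/api.py": b"# new\n"})
REPORT = compare(manifest(OLD_ZIP), manifest(NEW_ZIP))
print(f"path overlap {REPORT['overlap']:.0%}; moved: {REPORT['moved']}")
```

A low path overlap with a large `moved` mapping points to a restructure of the same application, which is the case the readme is meant to explain; a low overlap with almost nothing in `moved` suggests the archive may belong to a different application or version.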
