Old version of Fortify used during scan

Question

What does the Fortify scan issue “Old version of Fority used during scan” mean, how can I detect it, and how can I fix it?

Answer

This scan issue indicates that an older version of the Fortify software was used to perform the code scan. Scans that do not use the most recent version of Fortify may not include a complete set of results. Other scan issues may also result from using older versions of Fortify.

How to detect

There are two steps to determine if you have the most recent version of Fortify:

1. Determine the current version of Fortify.
   • Fortify updates are announced on the Program Announcements page
   • Fortify updates are announced via email. Send email to OIS SwA Service Requests to subscribe to email announcements
2. Check the version number of Fortify that you are using.
   • Open Audit Workbench. Select the Help->About Audit Workbench menu item to get the AWB version number, which is the Fortify version number.

How to resolve

To fix this issue, update Fortify and rerun the scan. Fortify may be downloaded from Teams. Note that after you rerun the scan, you can merge your previous results into the new scan to carry any previous audits to the new scan.

References

• Fortify documentation