Speed Dial Used

Question

What does the Fortify scan issue “Speed dial used” mean, how can I detect it, and how can I fix it?

Answer

This scan issue indicates that Fortify was run with the speed dial feature enabled. Speed dial trades precision and depth of analysis for a shorter scan time, so many findings are missing from the results, including findings that may be of critical or high priority. A speed dial scan that reports few issues is therefore not evidence that the application is clean.

How to detect

Speed dial can be enabled on the command line or via Fortify properties, but it is most likely to show up on the command line. To view the command line, open the Project Summary in Audit Workbench or your IDE plugin, select the Analysis Information tab and then the Commandline Arguments sub-tab:

[Screenshot: Analysis Information tab with the Commandline Arguments sub-tab selected]

On the command line, look for either of the following options, which indicate that speed dial was enabled:

  • -scan-precision <level>

  • -Dcom.fortify.sca.PrecisionLevel=<level>

Properties can be viewed in the Properties sub-tab of the Project Summary. Look there for com.fortify.sca.PrecisionLevel, the property that enables speed dial; the -D form above sets the same property from the command line, so an explicit setting in either place is the indicator.

How to resolve

Fortify’s default is not to use speed dial. For it to be in effect, it must have been explicitly enabled in the Audit Workbench or IDE options dialog, or the precision level must have been explicitly lowered on the command line or in the properties configuration. Resolve this issue by removing every explicit enabling of speed dial (the -scan-precision option, the -D argument and the property setting) and rescanning the application. In Audit Workbench, also make sure the default scan settings are used, and confirm on the new scan’s Commandline Arguments and Properties sub-tabs that none of the indicators above appear.
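The following script automates both the detection check above and the clean-up for the rescan. It is an added example, not part of the original page or of Fortify itself. It assumes that an FPR is a zip archive whose audit.fvdl member records the scan arguments under EngineData/CommandLine/Argument and the scan properties under EngineData/Properties/Property with name/value children; the sample FVDL embedded below is constructed for the example, and the function and constant names are the example's own. Verify the element paths against one of your own audit.fvdl files before relying on the check in a pipeline.

```python
"""Check a Fortify scan for Speed Dial and build a clean rescan command line.

Added example; not Fortify's own code. The audit.fvdl layout used here
(EngineData/CommandLine/Argument, EngineData/Properties/Property) is an
assumption to verify against a real FPR.
"""
import zipfile
import xml.etree.ElementTree as ET

FVDL_MEMBER = "audit.fvdl"                       # assumed member name inside the FPR zip
PRECISION_PROPERTY = "com.fortify.sca.PrecisionLevel"
PRECISION_OPTION = "-scan-precision"

# Constructed sample FVDL for this example: a scan run with Speed Dial level 2.
SAMPLE_FVDL = """<FVDL xmlns="xmlns://www.fortifysoftware.com/schema/fvdl">
  <EngineData>
    <Properties type="Fortify">
      <Property><name>com.fortify.sca.PrecisionLevel</name><value>2</value></Property>
      <Property><name>com.fortify.sca.ProjectRoot</name><value>/tmp/fortify</value></Property>
    </Properties>
    <CommandLine>
      <Argument>-b</Argument><Argument>myapp</Argument>
      <Argument>-scan</Argument>
      <Argument>-scan-precision</Argument><Argument>2</Argument>
      <Argument>-f</Argument><Argument>myapp.fpr</Argument>
    </CommandLine>
  </EngineData>
</FVDL>
"""


def _local(tag):
    """Strip the XML namespace so the check works whatever xmlns the FVDL declares."""
    return tag.rsplit("}", 1)[-1]


def _elements(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]


def detect_speed_dial(fvdl_xml):
    """Report every place Speed Dial was enabled: option, -D argument, or property."""
    root = ET.fromstring(fvdl_xml)
    findings = {"command_line": [], "properties": []}
    args = [a.text or "" for a in _elements(root, "Argument")]
    for i, arg in enumerate(args):
        if arg == PRECISION_OPTION:                      # "-scan-precision <level>"
            level = args[i + 1] if i + 1 < len(args) else "?"
            findings["command_line"].append(f"{arg} {level}")
        elif arg.startswith(PRECISION_OPTION + "=") or arg.startswith(f"-D{PRECISION_PROPERTY}="):
            findings["command_line"].append(arg)
    for prop in _elements(root, "Property"):
        name = next((c.text for c in prop if _local(c.tag) == "name"), None)
        value = next((c.text for c in prop if _local(c.tag) == "value"), None)
        if name == PRECISION_PROPERTY:
            # Any explicit setting is flagged, as the page advises removing them all.
            findings["properties"].append(f"{name}={value}")
    findings["speed_dial"] = bool(findings["command_line"] or findings["properties"])
    return findings


def check_fpr(path):
    """Open an FPR (a zip archive) and run the check on its audit.fvdl member."""
    with zipfile.ZipFile(path) as fpr:
        return detect_speed_dial(fpr.read(FVDL_MEMBER).decode("utf-8"))


def clean_rescan_args(args):
    """Drop every Speed Dial flag so the rescan runs at Fortify's default precision."""
    cleaned, skip_next = [], False
    for arg in args:
        if skip_next:                                    # the level after -scan-precision
            skip_next = False
            continue
        if arg == PRECISION_OPTION:
            skip_next = True
            continue
        if arg.startswith(PRECISION_OPTION + "=") or arg.startswith(f"-D{PRECISION_PROPERTY}="):
            continue
        cleaned.append(arg)
    return cleaned


if __name__ == "__main__":
    result = detect_speed_dial(SAMPLE_FVDL)
    print("Speed Dial enabled:", result["speed_dial"])
    for where in ("command_line", "properties"):
        for hit in result[where]:
            print(f"  {where}: {hit}")
    scan = ["sourceanalyzer", "-b", "myapp", "-scan", "-scan-precision", "2", "-f", "myapp.fpr"]
    print("Rescan with:", " ".join(clean_rescan_args(scan)))
```

Run the script as-is to see the check against the embedded sample, or call check_fpr("myapp.fpr") on a real result file; a non-empty list in either key of the returned dictionary is the same evidence the Commandline Arguments and Properties sub-tabs show in Audit Workbench. The check matches element names without their namespace, so it tolerates whichever xmlns the FVDL carries, and clean_rescan_args removes the option together with its level argument rather than leaving a stray number on the command line.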
