Cybersecurity
DevOps Cloud
IT Operations Cloud
Original Question: Update: Micro Focus Fortify on Demand 20.4 Release Postponed by Amandine Judas
Fortify on Demand will implement Fortify Software Security Content 2020 update 3, which includes updates to static and dynamic rules, on October 24th 2020. Fortify Software Security Content updates utilize Fortify's continued investment in application security research to provide security intelligence that powers the Fortify product portfolio.
Security Content SR3 Update Details
The 20.4 release will be rescheduled for a later date. Highlights include:
- API rate limit improvements
- Improved scanning logic to better handle technology stack changes
- FoDUploader improvements to support GitLab integration
Full details of the 20.4 release can be found within the documentation under "What's New" following the release on October 24th.
CI/CD Integrations
- Jenkins pipeline support for in-progress scans
- Added allowPolicyFail parameter to FoDUploader:
- Exit Code 1 - when a scan fails due to security policy
- Exit Code 0 - when the scan completes successfully
API Enhancements - See API Explorer for more information
- Added parameter for binary scanning to /api/v3/releases/{releaseId}/static-scans/start-scan-advanced
- Added parameter for severity to /api/v3/releases/{releaseId}/category-rollups
- Increased the default rate limit
- Increased the rate limit for the APIs for POST /api/v3/applications
- Increased the rate limit for the APIs for POST /api/v3/releases
Scanning Enhancements
- Enhanced logic to ensure correct scanning arguments are applied when technology stack is changed