Wikis - Page

Fortify Off Cloud Product Announcement: 23.2.0

1 Likes

What’s New in Fortify Software 23.2.0

At Fortify, we believe great code is secure code, and helping customers achieve it runs through everything we do. Fortify continues to cover the most critical use cases common to today's software landscape, from DevSecOps, Cloud Transformation, and Securing the Software Supply Chain.

This week, we are excited to announce the general availability of our Fortify 23.2.0 release! With enhanced offerings to increase speed, accuracy, scalability, and ease of use, this marks another important chapter in Fortify’s elevation of code security. This release contains updates to Fortify Static Code Analyzer, Fortify WebInspect, Fortify Software Security Center, and Fortify Software Composition Analysis.

This release of Fortify Software includes the following new functions and features.

Fortify Software Security Center

The following features have been added to Fortify Software Security Center.

Fortify Audit Assistant Gen 2
Audit Assistant is an optional tool that you can use to help determine whether or not the issues returned from your scans represent true vulnerabilities. Generation 2, or Gen 2, of Audit assistant is now available. Using advanced AI and machine learning, Gen 2 provides improved accuracy, training based on the decisions your auditors have made, and greater speed.

When upgrading Fortify Software to version 23.2.0, you must also upgrade Audit Assistant to use the new Gen 2 version of Audit Assistant.

BIGINT Data Type Replaces INT in scan_issue(ID) and issue(ID) Fields
This change affects the scan_issue table in both MSSQL and MySQL databases. During database migration, the data type for scan_issue(ID) and issue(ID) will be changed to BIGINT if it has not already been done. For information on how this impacts your database migration, see "Preparing to Upgrade the Fortify Software Security Center Database" in the OpenTextTM Fortify Software Security Center User Guide.

Debricked SBOM Support
You can now download Debricked Software Bill Of Materials and view information on the third-party components in your application.

Base URL Attribute
You can now assign a base URL attribute via the SCANCENTRAL DAST ATTRIBUTES page.

New Automation Token
Fortify Software Security Center now has a new SSC API Token type: the AutomationToken. This token type is a duplicate of the UnifiedLoginToken type. It provides access to most of the REST API and is intended for use in long-running automations and can be configured to last up to a year.

Preserve Issue Detected on Date Across Versions
Now, when creating a new application version based on a previous version, the Detected on date will be carried over to the new version. Previously, the Detected on date was set to the current date when basing a new application version on a previous one.

Change User Assigned to an Issue
You can now change the user assigned to an issue.

Custom Banner
An administrator can create an informational banner that persists until removed or changed.

New Reports
The premium report bundle now includes two new issue reports:

  • OWASP API Top 10 (2023)
  • CWE Top 25 (2023)

The following report versions are no longer available in this release:

  • SANS 2009/2010
  • STIG 4.10, 4.9 and below
  • OWASP < 2013
  • CWE Top 25 2019/2020
  • WASC 24 + 2 

REST Fortify Client
The REST fortifyclient replaces the SOAP fortifyclient and is now the default.

Additions to the System Requirements
Fortify Software Security Center Database

  • SQL Server 2022

Service Integrations

  • Jira 9.10

Software Requirements

  • Red Hat Enterprise Linux 9 (RHEL 9) support
  • Kubernetes 1.27 and 1.28 support
  • Helm 3.12 support

BIRT Reporting

  • BIRT Report Designer 4.13.0

Fortify ScanCentral SAST

The following features have been added to Fortify ScanCentral SAST.

  • Support for ScanCentral SAST .NET scanning and packaging on Linux systems
  • Support for remote translation and scan of COBOL projects
  • ScanCentral SAST will now retry any failed uploads to Fortify Software Security Center. Use the new upload command to resend an FPR file to Fortify Software Security Center after a previous upload attempt failed.
  • REST API documentation for the Fortify ScanCentral SAST Controller is available with Swagger UI
  • You can now package the debug logs from clients, sensors, and Fortify Static Code Analyzer into a ZIP archive using the start command option -diagnosis.
  • Offload translation and scan support with Gradle versions 7.4-8.3 and MSBuild versions 17.4 - 17.8  

Fortify Static Code Analyzer

The following features have been added to Fortify Static Code Analyzer:

Build tools

  • Ant 1.10.14
  • Gradle 8.1 and 8.3
  • Maven 3.9.4
  • MSBuild 17.6 - 17.8
  • xcodebuild 15 and 15.0.1

Languages

  • Angular 15.1, 15.2, 16.0
  • Apex 58
  • Bicep v0.12.x → current
    • 0.12.1 → 0.14.85 (supporting .NET 6)
    • 0.15.31 → current (supporting .NET 7)
  • C# 12
  • C17
  • Dart 3.0
  • ECMAScript 2023
  • Go 1.20
  • Kotlin 1.8
  • .NET 8.0
  • Python 3.12
  • Django up to 4.2
  • React 18.0
  • Solidity 0.4.12-0.8.21
  • Swift 5.9
  • TypeScript 5.0

Compilers

  • Clang 15.0.0
  • Swiftc 5.9

Fortify Static Code Analyzer Tools

The following features have been added to Fortify Static Code Analyzer tools.

The Fortify Static Code Analyzer installer no longer includes the Fortify Static Code Analyzer applications and tools. A separate installer is included for installing the Fortify Static Code Analyzer applications and tools.

Fortify Audit Workbench

  • Syntax source code highlighting for Terraform, Dart, Bicep, and Solidity.
  • Installation automatically detects the Fortify Static Code Analyzer versions installed in a default location.
  • By default, Fortify Audit Workbench does not display binary source code

Secure Coding Plugins

  • Fortify Plugin for Eclipse adds support for 2023-06 and 2023.06
  • Fortify Analysis Plugin for IntelliJ IDEA and Android Studio adds support for IntelliJ IDEA 2023.2 and Android Studio 2022.2 and 2022.3

New Report Versions

  • OWASP MASVS 2.0
  • CWE Top 25 2023
  • OWASP API Top 10 2023

Fortify ScanCentral DAST

The following features have been added to ScanCentral DAST

Fortify Connect
The new Fortify Connect feature enables you to perform scans of private applications from the cloud without exposing the application through your firewall.

Event-based Logout Conditions
The Event-based Web Macro Recorder now supports the use of JavaScript during execution to detect and notify the Fortify Weblnspect sensor of logout.

Event Handlers
The Event-based Web Macro Recorder now supports event handlers that react to unpredictable events, such as dialogs opening and popup DOM elements that steal focus.

Web Storage Keys
The Event-based Web Macro Recorder now supports the use of web storage keys that enable the application to determine and maintain state.

Support for IMAP in Two-factor Authentication Scans
Two-factor authentication scanning now supports IMAP email servers.

Fortify WebInspect

The following features have been added to Fortify WebInspect.

Fortify License and Infrastructure Manager
Linux Version

A Linux version of the Fortify License and Infrastructure Manager (LIM) is now available for download from the Fortify Docker repository.

Event-based Logout Conditions
The Event-based Web Macro Recorder now supports the use of JavaScript during execution to detect and notify the Fortify Weblnspect sensor of logout.

Event Handlers
The Event-based Web Macro Recorder now supports event handlers that react to unpredictable events, such as dialogs opening and popup DOM elements that steal focus.

Web Storage Keys
The Event-based Web Macro Recorder now supports the use of web storage keys that enable the application to determine and maintain state.

Web Socket Events
WebInspect now includes a Capture Web Socket Events setting in the JavaScript dialog under Scan Settings.

Support for IMAP in Two-factor Authentication Scans
Two-factor authentication scanning now supports IMAP email servers.

Contacting Customer Support

Visit the Support website to:

  • Manage licenses and entitlements
  • Create and manage technical assistance requests
  • Browse documentation and knowledge articles
  • Download software

Explore the Community
https://www.microfocus.com/support
We Welcome Your Feedback

 If you have comments or suggestions about the documentation, you can send these to the documentation team at fortifydocteam@opentext.com. Please use the subject line “Feedback on .” We appreciate your feedback!

Comment List
Related
Recommended