At Fortify, we believe great code is secure code, and helping customers achieve it runs through everything we do. Fortify continues to cover the most critical use cases common to today's software landscape, from DevSecOps and cloud transformation to securing the software supply chain.
This week, we are excited to announce the general availability of our Fortify 23.2.0 release! With enhanced offerings to increase speed, accuracy, scalability, and ease of use, this marks another important chapter in Fortify’s elevation of code security. This release contains updates to Fortify Static Code Analyzer, Fortify WebInspect, Fortify Software Security Center, and Fortify Software Composition Analysis.
This release of Fortify Software includes the following new functions and features.
The following features have been added to Fortify Software Security Center.
Fortify Audit Assistant Gen 2
Audit Assistant is an optional tool that you can use to help determine whether or not the issues returned from your scans represent true vulnerabilities. Generation 2, or Gen 2, of Audit Assistant is now available. Using advanced AI and machine learning, Gen 2 provides improved accuracy, training based on the decisions your auditors have made, and greater speed.
When upgrading Fortify Software to version 23.2.0, you must also upgrade Audit Assistant to use the new Gen 2 version of Audit Assistant.
BIGINT Data Type Replaces INT in scan_issue(ID) and issue(ID) Fields
This change affects the scan_issue table in both MSSQL and MySQL databases. During database migration, the data type for scan_issue(ID) and issue(ID) will be changed to BIGINT if it has not already been done. For information on how this impacts your database migration, see "Preparing to Upgrade the Fortify Software Security Center Database" in the OpenText™ Fortify Software Security Center User Guide.
Debricked SBOM Support
You can now download a Debricked Software Bill of Materials and view information on the third-party components in your application.
Base URL Attribute
You can now assign a base URL attribute via the SCANCENTRAL DAST ATTRIBUTES page.
New Automation Token
Fortify Software Security Center now has a new SSC API Token type: the AutomationToken. This token type is a duplicate of the UnifiedLoginToken type. It provides access to most of the REST API, is intended for use in long-running automations, and can be configured to last up to a year.
Preserve Issue Detected on Date Across Versions
Now, when creating a new application version based on a previous version, the Detected on date will be carried over to the new version. Previously, the Detected on date was set to the current date when basing a new application version on a previous one.
Change User Assigned to an Issue
You can now change the user assigned to an issue.
Custom Banner
An administrator can create an informational banner that persists until removed or changed.
New Reports
The premium report bundle now includes two new issue reports:
The following report versions are no longer available in this release:
REST Fortify Client
The REST fortifyclient replaces the SOAP fortifyclient and is now the default.
Additions to the System Requirements
Fortify Software Security Center Database
Service Integrations
Software Requirements
BIRT Reporting
The following features have been added to Fortify ScanCentral SAST.
The following features have been added to Fortify Static Code Analyzer:
Build tools
Languages
Compilers
The following features have been added to Fortify Static Code Analyzer tools.
The Fortify Static Code Analyzer installer no longer includes the Fortify Static Code Analyzer applications and tools. A separate installer is included for installing the Fortify Static Code Analyzer applications and tools.
Fortify Audit Workbench
Secure Coding Plugins
New Report Versions
The following features have been added to ScanCentral DAST.
Fortify Connect
The new Fortify Connect feature enables you to perform scans of private applications from the cloud without exposing the application through your firewall.
Event-based Logout Conditions
The Event-based Web Macro Recorder now supports the use of JavaScript during execution to detect and notify the Fortify WebInspect sensor of logout.
Event Handlers
The Event-based Web Macro Recorder now supports event handlers that react to unpredictable events, such as dialogs opening and popup DOM elements that steal focus.
Web Storage Keys
The Event-based Web Macro Recorder now supports the use of web storage keys that enable the application to determine and maintain state.
Support for IMAP in Two-factor Authentication Scans
Two-factor authentication scanning now supports IMAP email servers.
The following features have been added to Fortify WebInspect.
Fortify License and Infrastructure Manager
Linux Version
A Linux version of the Fortify License and Infrastructure Manager (LIM) is now available for download from the Fortify Docker repository.
Event-based Logout Conditions
The Event-based Web Macro Recorder now supports the use of JavaScript during execution to detect and notify the Fortify WebInspect sensor of logout.
Event Handlers
The Event-based Web Macro Recorder now supports event handlers that react to unpredictable events, such as dialogs opening and popup DOM elements that steal focus.
Web Storage Keys
The Event-based Web Macro Recorder now supports the use of web storage keys that enable the application to determine and maintain state.
Web Socket Events
WebInspect now includes a Capture Web Socket Events setting in the JavaScript dialog under Scan Settings.
Support for IMAP in Two-factor Authentication Scans
Two-factor authentication scanning now supports IMAP email servers.
Visit the Support website to:
Explore the Community
https://www.microfocus.com/support
We Welcome Your Feedback
If you have comments or suggestions about the documentation, you can send these to the documentation team at fortifydocteam@opentext.com. Please use the subject line “Feedback on .” We appreciate your feedback!