
What’s New in Fortify Software 24.2.0


This release of Fortify Software includes the following new functions and features.

Fortify Software Security Center

The following features have been added to Fortify Software Security Center.

Data Retention

Administrators can define a time period for retaining application version artifacts.

Customizable UI Theme

You can now set the UI theme to dark, light, or automatic.

Customized BIRT Reports

  • Generate and download customized BIRT reports in XLSX format.
  • Supports BIRT Report Designer 4.14.0

Synchronize Audit History Changes in Fortify ScanCentral DAST using Kafka

You can set up Kafka to synchronize audit history changes for suppressed issues, priority override, and analysis tag with Fortify ScanCentral DAST.

fortifyclient Timeouts

Set up timeouts for connect, read, and write for fortifyclient.

Kubernetes support

1.29

Helm support

3.13 and 3.14

 

Fortify ScanCentral SAST

The following features have been added to Fortify ScanCentral SAST.

Sensor Version Support

Scan requests initiated from older clients can be assigned and processed by newer sensor versions.

Encoded Tokens

Added support for encoded tokens (decoded tokens are deprecated).

ScanCentral SAST Client

  • Ability to use the Debricked CLI for open source software composition analysis (for use with Fortify on Demand only).
  • Simplified commands by automatically detecting txt for Python projects, the PHP version for PHP projects, and setting a default value for package name.

ScanCentral Controller

You can configure the Controller to disallow queuing multiple scan requests that are uploaded to the same application version. If enabled, newer scan requests will replace the one that is in the queue while keeping its priority. This behavior can be overridden with an option for individual scan requests.

Updated Build Tool Support

  • Support for Gradle 8.6
  • Support for dotnet 8.0
  • Support for MSBuild 17.9

 

Fortify Static Code Analyzer

The following features have been added to Fortify Static Code Analyzer.

Platforms

  • macOS 14 support

Languages

  • Angular 16.1 and 16.2
  • Apex 59 and 60
  • C23
  • Dart 3.1
  • Django 5.0
  • Flutter 3.13
  • Go 1.21 and 1.22
  • Java 21
  • Kotlin 1.9
  • PHP 8.3
  • Scala 3, versions 3.3-3.4
  • Swift 5.10
  • TypeScript 5.1 and 5.2
  • Visual Basic (VB.NET) 16.9

Compilers

  • gcc 13
  • g++ 13
  • Swiftc 5.9.2, 5.10

Build tools

  • Bazel 6.4.0
  • CMake 3.23.3 and later
  • MSBuild 17.9
  • xcodebuild 15.3

Features/Updates

  • ARM JSON Templates (IaC)
  • AWS CloudFormation (IaC)
  • Scanning .NET requires .NET SDK 8.0.
  • The default Python version is now 3.
  • The default scan policy has changed from classic to security. The security scan policy excludes issues related to code quality from the analysis results.
  • Ability to specify the location of a custom supported JDK or JRE version that is not included in the Fortify Static Code Analyzer installation.
  • Fortify Static Code Analyzer automatically detects the content of files with a .cls extension to determine if they are Apex or Visual Basic code. This removes the need to include the -apex option, which is now deprecated.
  • Updated LOC (lines of code) calculation: The LOC calculation returns the total number of new lines, including blank lines and comments. The LOC value is closely aligned with what you might see in your code editor. Because of changes to how LOC is calculated, these values should not be compared to values achieved with previous releases of OpenText Fortify Static Code Analyzer.

 

Fortify Static Code Analyzer Tools

The following features have been added to Fortify Static Code Analyzer tools.

Fortify Applications and Tools Installer

Now includes the standalone Fortify ScanCentral SAST client.

Fortify Audit Workbench

Now includes a timeout setting for downloading analysis results from Fortify Software Security Center.

Secure Coding Plugins

  • Support for Red Hat Enterprise Linux (RHEL) 9
  • Support for macOS 14
  • Fortify Visual Studio Extension supports suppressing issues and auditing multiple issues in batch when remediating analysis results on Fortify Software Security Center.
  • Fortify Plugin for Eclipse, Fortify Analysis Plugin for IntelliJ IDEA and Android Studio, and the Fortify Extension for Visual Studio support analysis with a standalone ScanCentral SAST client.
  • Support for Eclipse 2023-12 and 2024-03
  • Support for IntelliJ IDEA 2023.3 and 2024.1
  • Support for Android Studio 2023.1 and 2023.2
  • The Fortify Analysis Plugin for IntelliJ IDEA and Android Studio, Fortify Plugin for Eclipse, and Fortify Extension for Visual Studio will be available in the relevant marketplaces.

New Issue Reports

  • DISA STIG 5.3
  • OWASP Mobile Top 10 2024

 

Fortify ScanCentral DAST

The following features have been added to ScanCentral DAST.

Syncing of Suppressed Issues in Fortify Software Security Center

You can now configure Kafka settings in ScanCentral DAST to provide support for the syncing of audit history changes in Fortify Software Security Center, including support for suppressed issues. Additionally, you can show or hide suppressed issues in the ScanCentral DAST Scans view and scan visualization.

Regex Editor Tool

ScanCentral DAST now includes a Regex Editor tool that enables you to construct and test regular expressions.

Perform Actions on Multiple Scans

You can select multiple scans and then pause, start, stop, delete, or publish them.

Use an Access Token for Sensor Auto Scaling

When configuring Sensor Auto Scaling in a Kubernetes environment, you can now configure ScanCentral DAST to read an access token from the default path in Kubernetes, to retrieve the token from a specific path in the container, or to use a long-lived access token.

DAST Health Monitoring

Readiness and liveness probe commands have been added to ScanCentral DAST services to enable Kubernetes to detect failures and restart containers.

OAuth 2.0 Support

You can now configure Client Credentials Grant and Password Credentials Grant OAuth 2.0 authentication flows for scans requiring network authentication.

Mac Version of Event-based Web Macro Recorder Tool

The Event-based Web Macro Recorder tool is available for Mac, which enables you to create login and workflow macros on macOS.

 

Fortify WebInspect

The following features have been added to WebInspect.

Docker Images Available in Iron Bank

The Fortify WebInspect (DAST) scanner Docker image is available on the Iron Bank hardened container image repository, along with the 2FA, FAST, OAST, and WISE images.

Enhanced CycloneDX Export Data

CycloneDX export data now includes vulnerability details, including CVE ID number, description, ratings, affected library versions, and the source provider’s URL (PURL).

OAuth 2.0 Support

You can now configure Client Credentials Grant and Password Credentials Grant OAuth 2.0 authentication flows for scans requiring network authentication.

Mac Version of Event-based Web Macro Recorder Tool

The Event-based Web Macro Recorder tool is available for Mac, which enables you to create login and workflow macros on macOS.

Contacting Customer Support

Visit the Support website to:

  • Manage licenses and entitlements
  • Create and manage technical assistance requests
  • Browse documentation and knowledge articles
  • Download software
  • Explore the Community

https://www.microfocus.com/support

We Welcome Your Feedback

If you have comments or suggestions about the documentation, you can send these to the documentation team at fortifydocteam@opentext.com. Please use the subject line “Feedback on <Document_Title> <Product_Version>.” We appreciate your feedback!
