This release of Fortify Software includes the following new functions and features.
The following features have been added to Fortify Software Security Center.
Data Retention
Administrators can define a time period for retaining application version artifacts.
Customizable UI Theme
You can now set the UI theme to dark, light, or automatic.
Customized BIRT Reports
Synchronize Audit History Changes in Fortify ScanCentral DAST using Kafka
You can set up Kafka to synchronize audit history changes for suppressed issues, priority override, and analysis tag with Fortify ScanCentral DAST.
fortifyclient Timeouts
Set up timeouts for connect, read, and write for fortifyclient.
Kubernetes support
1.29
Helm support
3.13 and 3.14
The following features have been added to Fortify ScanCentral SAST.
Sensor Version Support
Scan requests initiated from older clients can be assigned and processed by newer sensor versions.
Encoded Tokens
Added support for encoded tokens (decoded tokens are deprecated).
ScanCentral SAST Client
ScanCentral Controller
You can configure the Controller to disallow queuing multiple scan requests that are uploaded to the same application version. If enabled, a newer scan request replaces the one that is in the queue while keeping its priority. You can override this setting with an option on individual scan requests.
Updated Build Tool Support
The following features have been added to Fortify Static Code Analyzer.
Platforms
Languages
Compilers
Build tools
Features/Updates
The following features have been added to Fortify Static Code Analyzer tools.
Fortify Applications and Tools Installer
Now includes the standalone Fortify ScanCentral SAST client.
Fortify Audit Workbench
Now includes a timeout setting for downloading analysis results from Fortify Software Security Center.
Secure Coding Plugins
New Issue Reports
The following features have been added to ScanCentral DAST.
Syncing of Suppressed Issues in Fortify Software Security Center
You can now configure Kafka settings in ScanCentral DAST to provide support for the syncing of audit history changes in Fortify Software Security Center, including support for suppressed issues. Additionally, you can show or hide suppressed issues in the ScanCentral DAST Scans view and scan visualization.
Regex Editor Tool
ScanCentral DAST now includes a Regex Editor tool that enables you to construct and test regular expressions.
Perform Actions on Multiple Scans
You can select multiple scans and then pause, start, stop, delete, or publish them.
Use an Access Token for Sensor Auto Scaling
When configuring Sensor Auto Scaling in a Kubernetes environment, you can now configure ScanCentral DAST to read an access token from the default path in Kubernetes, to retrieve the token from a specific path in the container, or to use a long-lived access token.
DAST Health Monitoring
Readiness and liveness probe commands have been added to ScanCentral DAST services to enable Kubernetes to detect failures and restart containers.
OAuth 2.0 Support
You can now configure Client Credentials Grant and Password Credentials Grant OAuth 2.0 authentication flows for scans requiring network authentication.
Mac Version of Event-based Web Macro Recorder Tool
The Event-based Web Macro Recorder tool is available for Mac, which enables you to create login and workflow macros on macOS.
The following features have been added to WebInspect.
Docker Images Available in Iron Bank
The Fortify WebInspect (DAST) scanner Docker image is available on the Iron Bank hardened container image repository, along with the 2FA, FAST, OAST, and WISE images.
Enhanced CycloneDX Export Data
CycloneDX export data now includes vulnerability details, including CVE ID number, description, ratings, affected library versions, and the source provider’s URL (PURL).
OAuth 2.0 Support
You can now configure Client Credentials Grant and Password Credentials Grant OAuth 2.0 authentication flows for scans requiring network authentication.
Mac Version of Event-based Web Macro Recorder Tool
The Event-based Web Macro Recorder tool is available for Mac, which enables you to create login and workflow macros on macOS.
Contacting Customer Support
Visit the Support website to:
https://www.microfocus.com/support
We Welcome Your Feedback
If you have comments or suggestions about the documentation, you can send these to the documentation team at fortifydocteam@opentext.com. Please use the subject line “Feedback on <Document_Title> <Product_Version>.” We appreciate your feedback!