
Fortify on Demand CE 25.1 Release Notes

Fortify on Demand 25.1 Release Updates

We are pleased to announce the following highlights:

  • Fortify Aviator support for all technology stacks
  • Debricked: Group by view Production versus Non-Production dependencies
  • Sorting and filtering Open source components page
  • Application data export to include audit filters

OpenText recommends that you read these Release Notes in conjunction with the documentation included with the software package. We also recommend that you check Product Documentation for documentation updates that may have been posted after the initial release of this product.

 

Engine and rulepack updates

Fortify on Demand 25.1 includes the following engine and rulepack updates.

Fortify Software Security Content 24.4.1

Fortify on Demand has implemented Fortify Software Security Content 24.4.1 from Fortify Security Research (SSR). For more information, see Fortify Software Security Content 24.4.0.

Fortify Static Code Analyzer 24.4

Fortify on Demand has implemented OpenText™ Fortify Static Code Analyzer 24.4 for scanning source code. Fortify Static Code Analyzer 24.4.0 offers the following features:

Languages

  • .NET (Core) 9.x
  • ABAP 7.x
  • Angular 17
  • Apex 61
  • C# 13
  • Go 23
  • Kotlin 2.0
  • PL/SQL 10, 11, 12, 18, 19, 21, and 23
  • TypeScript 5.3 and 5.4

Build tools

  • Bazel 7.x
  • Gradle 8.5
  • MSBuild 17.11
  • MSBuild and Bicep support on .NET 8


Other Updates

  • Added support for Flask framework and Jinja2 templates

New features

Fortify on Demand 25.1 includes the following new features.

Expanded Fortify Aviator coverage

Fortify Aviator has expanded its coverage of frameworks and languages. The following updates have been made to the Fortify Aviator service in Fortify on Demand:

  • Fortify Aviator is now available for all technology stacks. For details on the coverage, see the Fortify Aviator article in the Help Center.
  • Applicable issues can be set with the following Auditor Status values:
    • Proposed Not An Issue: Tentative false positives that are not suppressed
    • Suspicious: Tentative true positives that are not suppressed

API Updates

The following updates have been made to the Fortify on Demand API:

  • A static scan’s queue time has been added to the following API endpoints:
    • GET /api/v3/scans
    • GET /api/v3/scans/{scanId}/summary
    • GET /api/v3/releases/{releaseId}/scans/{scanId}/polling-summary

Scan queue time is specified as a string (hours:minutes:seconds) in the scanQueueTime field.

  • A static scan’s position in the queue for an application has been added to the response from the API endpoint GET /api/v3/releases/{releaseId}/scans/{scanId}/polling-summary. The position is specified as an integer in the QueuePositionWithinApplication field. For example, a value of 0 represents a scan in progress. A value of 1 represents a scan in queue position one.
  • ownerId is now an optional parameter for the following API endpoints:
    • POST /api/v3/applications
    • PUT /api/v3/releases/{released

If a value is not provided, the value is set to the Security Lead, alphabetically sorted by last name.

  • The API endpoint PUT /api/v3/attributes/{attributeId} has been added for updating an existing attribute. This endpoint is available to credentials with the Security Lead role.
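
An added example (not from these release notes or the Fortify on Demand API documentation) of a pipeline-side helper that interprets the two new queue fields from a polling-summary response. The response body is constructed; the JSON key casing, the `scanId` key, the 24-hour threshold, and the choice not to cap the hours part at 23 are assumptions.

```python
import json
from datetime import timedelta

# Constructed sample body; only the two queue field names come from the release notes.
SAMPLE_POLLING_SUMMARY = json.dumps({
    "scanId": 1001,                          # hypothetical key and value
    "scanQueueTime": "26:07:45",             # hours:minutes:seconds
    "QueuePositionWithinApplication": 2,
})


def parse_queue_time(value):
    """Convert an 'hours:minutes:seconds' string to a timedelta.

    The hours part is not capped at 23 here (an assumption), so a scan that
    has queued for more than a day still parses; strptime's %H would reject it.
    """
    parts = value.strip().split(":")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected scanQueueTime format: {value!r}")
    hours, minutes, seconds = (int(p) for p in parts)
    if minutes > 59 or seconds > 59:
        raise ValueError(f"minutes/seconds out of range: {value!r}")
    return timedelta(hours=hours, minutes=minutes, seconds=seconds)


def queue_status(body, max_wait=timedelta(hours=24)):
    """Summarise queue state from a polling-summary JSON body."""
    # Keys are matched case-insensitively because their exact casing is assumed.
    fields = {k.lower(): v for k, v in json.loads(body).items()}
    position = fields.get("queuepositionwithinapplication")
    raw_time = fields.get("scanqueuetime")
    waited = parse_queue_time(raw_time) if raw_time else None
    return {
        "in_progress": position == 0,        # 0 represents a scan in progress
        "queue_position": position,
        "waited": waited,
        "overdue": waited is not None and waited > max_wait,
    }
```

A build step can call `queue_status` on each poll and alert when `overdue` is true instead of letting a security gate time out silently.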

Color code updated for issues in Magellan charts

For the OpenText Magellan charts, the color code for issue counts by severity now matches the color code used in the portal.

Audit filters added to applications data export

The Audit Filter column (audit filters applied to an application) has been added to the applications data export.

Differentiation of production and non-production dependencies in Debricked scan results

Debricked scan results now differentiate between production and non-production dependencies. The Open Source Components page displays the component’s production status in the Scope column. Scope has been added to the filter and grouping options on the Issues pages. The production status is available for scans moving forward.

Debricked file fingerprinting override

The Debricked file fingerprinting feature now allows overriding scan results. In some instances, the package and/or version resulting from file fingerprinting might differ from the dependency used in an application. Users can ensure the results are correct by excluding fingerprinting of a certain file or path. To do so, add the correct dependency to a manifest file or a CycloneDX SBOM using the Debricked CLI or generate a debricked-config.yaml file. For more information on excluding dependencies, see Manage or override results.

Open source components filtering and sorting

The Open Source Components page now supports filtering and sorting by the following columns:

Component, License, Scan Tool, Scope, and Type.

Download files submitted for dynamic assessments

Users can download files that were previously submitted in the Additional Documents section for dynamic assessments.

Fortify CLI added to Tools page

A link to Fortify CLI (fcli), a command-line utility for interacting with various Fortify products, has been added to the Tools page.

Discontinued and deprecated features

The following feature is scheduled to be discontinued:

  • The Continuous Application Monitoring service is scheduled to be discontinued in the 3 release.

 

Documentation

Documentation for Fortify on Demand is available on the Fortify on Demand portal, the Help Center, and Product Documentation. The documentation is available in English upon the upgrade; Japanese and Spanish translations are available a few weeks after the upgrade.

The documentation for Fortify on Demand includes:

  • Fortify on Demand User Guide
  • Fortify on Demand Release Notes
  • Fortify on Demand IDE plugin guides
  • Fortify on Demand Jenkins Plugin User Guide
  • Fortify Azure DevOps Extension User Guide
  • Fortify integration guides
  • Fortify Static Code Analyzer documentation
  • Fortify WebInspect documentation

 

Supported environments and compatibility

This section provides details about supported platforms, systems, and versions.

 

Supported systems

Fortify on Demand supports the following browsers:

  • Chrome latest version
  • Firefox Quantum latest version
  • Safari on Mac latest version (Safari on PC is not supported)
  • Edge latest version

Language support

Fortify on Demand is currently localized in the following languages. Additional languages may be available in future releases.

UI = user interface only

B = both user interface and online help

 

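| Component                | EN | DE | JA | FR | IT | ZH | ES |
|--------------------------|----|----|----|----|----|----|----|
| Fortify on Demand portal | B  |    | B  |    |    |    | B  |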


AMS: https://helpcenter.ams.fortify.com/hc/en-us/articles/38059570897171

SGP: https://fodsgp.zendesk.com/hc/en-us/articles/15744662780691

APAC: https://helpcenter.apac.fortify.com/hc/en-us/articles/34400286870676

EMEA: https://helpcenter.emea.fortify.com/hc/en-us/articles/38058908738579

Contact information

OpenText Corporation 275 Frank Tompa Drive Waterloo, Ontario Canada, N2L 0A1

For more information, visit the OpenText or My Support websites.
