Cybersecurity
DevOps Cloud
IT Operations Cloud
We are pleased to announce the following highlights:
OpenText recommends that you read these Release Notes in conjunction with the documentation included with the software package. We also recommend that you check Product Documentation for documentation updates that may have been posted after the initial release of this product.
Fortify on Demand 25.1 includes the following engine and rulepack updates.
Fortify on Demand has implemented Fortify Software Security Content 24.4.1 from Fortify Security Research (SSR). For more information, see Fortify Software Security Content 24.4.0.
Fortify on Demand has implemented OpenText Fortify Static Code Analyzer 24.4 for scanning source code. Fortify Static Code Analyzer 24.4.0 offers the following features:
Languages
Build tools
Other Updates
Fortify on Demand 25.1 includes the following new features.
Fortify Aviator has expanded its coverage of frameworks and languages. The following updates have been made to the Fortify Aviator service in Fortify on Demand:
The following updates have been made to the Fortify on Demand API:
Scan queue time is specified as a string (hours:minutes:seconds) in the scanQueueTime field.
If a value is not provided, the value is set to the Security Lead , alphabetically sorted by last name.
For the OpenText Magellan charts, the color code for issue counts by severity now matches the color code used in the portal.
The Audit Filter column (audit filters applied to an application) has been added to the applications data export.
Debricked scan results now differentiate between production and non-production dependencies. The Open Source Components page displays the component’s production status in the Scope column. Scope has been added to the filter and grouping options on the Issues pages. The production status is available for scans moving forward.
The Debricked file fingerprinting feature now allows overriding scan results. In some instances, the package and/or version resulting from file fingerprinting might differ from the dependency used in an application. Users can ensure the results are correct by excluding fingerprinting of a certain file or path. To do so, add the correct dependency to a manifest file or a CycloneDX SBOM using the Debricked CLI or generate a debricked-config.yaml file. For more information on excluding dependencies, see Manage or override results.
The Open Source Components page now supports filtering and sorting by the following columns:
Component, License, Scan Tool, Scope, and Type.
Users can download files that were previously submitted in the Additional Documents section for dynamic assessments.
A link to Fortify CLI (fcli), a command-line utility for interacting with various Fortify products, has been added to the Tools page.
The following feature is scheduled to be discontinued:
Documentation for Fortify on Demand is available on the Fortify on Demand portal, the Help Center, and Product Documentation. The documentation is available in English upon the upgrade; Japanese and Spanish translations are available a few weeks after the upgrade
The documentation for Fortify on Demand includes:
Fortify on Demand User Guide
This section provides details about supported platforms, systems, and versions.
Fortify on Demand supports the following browsers:
Fortify on Demand is currently localized in the following languages. Additional languages may be available in future releases.
UI = user interface only
B = both user interface and online help
Component |
EN |
DE |
JA |
FR |
IT |
ZH |
ES |
Fortify on Demand portal |
B |
|
B |
|
|
|
B |
AMS: https://helpcenter.ams.fortify.com/hc/en-us/articles/38059570897171
SGP: https://fodsgp.zendesk.com/hc/en-us/articles/15744662780691
APAC: https://helpcenter.apac.fortify.com/hc/en-us/articles/34400286870676
EMEA: https://helpcenter.emea.fortify.com/hc/en-us/articles/38058908738579
OpenText Corporation 275 Frank Tompa Drive Waterloo, Ontario Canada, N2L 0A1
For more information, visit the OpenText or My Support websites.