In the new release of Fortify on Demand (FoD) 19.5, which delivers application security as a service, users will experience some exciting new functionality to reduce false positives and improve the FoD experience overall. Here are four highlights to look forward to!
1. Container scanning (BETA)
It’s no secret that container use is on the rise, so securing these containers is something that many organizations will soon face. In Fortify on Demand 19.5, we introduce the BETA scan type for containers, which includes:
- Container scan setup/upload
- Container scan reporting will be provided within the existing reports section automatically
2. CI/CD Tool Enhancements
Updated Fortify on Demand Jenkins Plugin
Aside from the marketplace name being updated to include Fortify on Demand for easier visibility, numerous updates and enhancements have recently been made, including Payload Packaging improvements, scanning priority and more. A demo of these features can be seen on our Fortify Unplugged YouTube channel.
Updated Azure DevOps Plugin
Numerous enhancements have been made to the integration between Fortify on Demand and Azure DevOps, such as poll results, scanning priority, error handling and more. A demo of these features can also be found on our Fortify Unplugged YouTube channel.
3. Open Source Enhancements
New integration features have been added to further enhance the recent partnership between Fortify and Sonatype, which gives customers the advantages of a single, fully-integrated application security platform without compromising depth and capability in managing open source risk and vulnerabilities. In Fortify on Demand 19.4, we saw the addition of the following enhancements:
- Open Source Issues Added to Issue Detail Modules
  - Open source issues have been added to the Issue Detail and Issue Detail (Extended) report modules.
- Deprecation of Open Source Import Functionality
With Fortify on Demand 19.5, users will now benefit from the following open source analysis enhancements:
Sonatype reporting has been expanded for the following report modules:
- OWASP 2017 Top 10
- PCI 3.2 Executive Summary
- PCI 3.2 Issue Breakdown
Sonatype Nexus IQ Integration
This integration lets customers get additional information from Nexus IQ pulled directly into Fortify on Demand.
Sonatype Entitlement Tracking
This enhancement provides the ability to track entitlements for new Sonatype entitlements.
4. Audit Template and Tool Enhancements
Auditors can now easily apply audit decisions to issues while reviewing them. Users with the Audit Issues permission can create application audit template filters for a selected issue from the Issues page:
- If the issue has existing filters that apply, those filters are displayed.
- If the issue does not have any filters that apply, the user can create a new filter from a list of predefined conditions that apply to the issue.
There is also now an Attribute filter for global audit templates, which lets users filter based on their defined attributes. Users can also set global and application cleanse rules by function to reduce false positives.
It goes without saying, but these highlights are just the tip of the iceberg for what the newest release of Fortify on Demand offers customers. Usability enhancements, API enhancements, scanning enhancements, Dataflow Cleanse rules to reduce the noise and more have also been added. For the full list of what to expect in Fortify on Demand 19.5, visit the product announcement now!