Original Question: Micro Focus Fortify Product Announcement: SCA & SSC Version 19.1.0 by AmandaH

Micro Focus Fortify is pleased to announce the immediate availability of Fortify Static Code Analyzer (SCA) and Fortify Software Security Center (SSC) 19.1.0. The 19.1.0 release provides core language improvements as well as tool and integration enhancements to drive greater customer efficiency and value.

Fortify Software Security Center (SSC) & Fortify Static Code Analyzer (SCA) 19.1.0 Product Announcement

Fortify SCA and SSC 19.1.0 release emphasizes the evolving needs to enhance existing languages, improve integration/automation capabilities and support for new constructs and frameworks. We continue to build on our vision to continue our market leadership by providing key enterprise enhancements that focus on improvements in speed, automation and usability.

Fortify Static Code Analyzer (SCA) Key Highlights

• TypeScript language support now includes:
  • Type information for Fortify rules
  • Higher Order Analysis (HOA) performance improvements
  • Support for TypeScript 3.1 and 3.2
• Python language support now includes:
  • Support for Python 3.7
  • Support for Django 2.x
  • Performance improvements
• Gradle 4.x support has been added.
• Angular 7 support has been added.
• Java 10 and Java 11 support has been added.
• ECMAScript 2018 support has been added.
• Higher Order Analyzer is able to better track dataflow issues and uncover more vulnerabilities for JavaScript and TypeScript applications.

Micro Focus Fortify CloudScan

Fortify CloudScan now ships with a utility to package source code, dependencies, and Fortify Static Code Analyzer translation instructions. The packaging utility allows you to centralize your Fortify infrastructure and create a consistent approach across languages.

• You no longer have to install and run Fortify Static Code Analyzer on the build server for the following languages: Java, JavaScript, Ruby, Python, and PHP.
• The packaging utility packages everything necessary, including dependencies, and sends the package directly to the CloudScan CLI. The CloudScan CLI then sends it on to the sensors, which perform both translation and scanning phases of the analysis.
• The packaging utility intelligently sets what were previously manual translation options. Simply provide the location of the build file (build.gradle / pom.xml). No other configuration options are required for build integration.
• This new Fortify CloudScan utility supports auto packaging using the Gradle or Maven build tools.

Micro Focus Fortify Static Code Analyzer Tools Key Highlights

• Fortify Jenkins Plugin enables integration of Fortify tasks easily into Jenkins pipelines, and view security results on Jenkins, and automatically fail a build.

• • Post-build action analyzes the source with Fortify Static Code Analyzer, updates security content, uploads analysis results to Fortify Software Security Center, and fails the build based on uploaded results processed by Fortify Software Security Center.
  • Provides native pipeline support for source code analysis with Fortify Static Code Analyzer, security content update, and uploads to Fortify Software Security Center.
  • Snippet generator makes it easy to generate the pipeline code necessary to add a Fortify task to a pipeline script.
  • Displays Fortify security analysis results for each job that includes a history trend and the latest issues from Fortify Software Security Center. Navigates to individual issues on Fortify Software Security Center for detailed analysis.

Fortify Software Security Center (SSC) Key Highlights

• Improved Auditing Capabilities

• • Complete audit tasks on a single page
  • Comments and rule packs on the Audit Page can be viewed easier
  • Multiple application versions can be viewed on the Audit Page

Fortify Ecosystem and Marketplace

The Micro Focus Fortify Ecosystem is an integration framework covering 10 software categories with the tools, applications and REST APIs that organizations are leveraging across DevOps and 3rd party toolchains. Our ecosystem enable our customers to integrate our solutions easily and seamlessly into their environments with tools found in our Fortify Marketplace.

The Fortify Marketplace enables customers to go to one location to access new integrations, plugins, updates, etc.  The Fortify Marketplace can be found here: Fortify Marketplace

Join the Micro Focus Security Fortify Community!

Join the Micro Focus Security community that provides customer-facing forums, educational webinar, product documentation and tutorials. Connect with peers, ask questions, search for solutions, share ideas, and collaborate over best practices in the Community today. Visit: https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

Documentation

You can find both html and pdf documentation for Fortify version 19.1.0 software products at:

https://www.microfocus.com/support-and-services/documentation/

The following quick links have been provided for your convenience for our 19.1.0 release:

• Fortify System Requirements
• Fortify Software Security Center
• Fortify SCA and Applications

Note: Legacy documentation (prior to 18.20) can still be found at:

https://community.softwaregrp.com/t5/Fortify-Product-Documentation/ct-p/fortify-product-documentation

Contact Support

For support, please visit https://softwaresupport.softwaregrp.com/. 

Details are available in the attached release letters along with specific feature requirements. We hope that you continue to find out products helpful and we welcome any feedback. If you have any questions, please don’t hesitate to contact us.

Scott Johnson

Director of Product Management

Micro Focus Security Fortify

1 (404) 931-1028

scott.k.johnson@microfocus.com  

Fortify Release Announcement SCA and SSC 19.1.0.pdf