Options
Related Tips & Info

Fortify on Demand Releases version 19.2

COEST
 
0 Likes

Original Question: Fortify on Demand Releases version 19.2 by Brent_Jenkins

Fortify on Demand (FoD) delivers application security as a service, providing customers with the security testing, vulnerability management, expertise, and support needed to easily create, supplement, and expand a Software Security Assurance program in as little as just one day.

The Fortify on Demand team is excited to announce the release of version 19.2 on 5/18/2019. This exciting update contains functionality, automation, and user experience improvements, which are outlined below:

  • New API Functionality
  • Enhanced Integrations for Jenkins and Azure DevOps
  • User Experience Improvements
  • Microservice Enhancements
  • Entitlements Visibility Enhancements
  • Dynamic Scanning Improvements
  • Opensource User Experience Enhancements

 

New APIs Functionality

  • New and improved endpoints for global data exports
  • GET/api/v3/reports/dataexports
  • GET/api/v3/reports/dataexports/{dataExportId}/download
  • Audit Templates - Audit Templates to allow users to pull a list of application audit filters
    • GET /api/v3/applications/{applicationId}/audittemplates
  • Static Scan Manifest - Static Scan Manifest log file
  • GET/api/v3/scans/{scanId}/manifest
  • User Groups - User Groups can get list Group ID, Group Name, and Number of Users
  • GET /api/v3/user-group-application-access/{userGroupId}
  • POST /api/v3/user-group-application-access/{userGroupId}
  • DELETE /api/v3/user-group-application-access/{userGroupId}/{applicationId}
  • GET /api/v3/user-management/user-groups
  • GET /api/v3/applications/{applicationId}/user-groups

 

Enhanced Integrations for Jenkins and Azure DevOps (Updates Already Live)

  • Fortify on Demand Uploader Plugin - Jenkins plugin pipeline support
    • Expanded support for existing personal access token and API Key support within Jenkins pipelines
  • Expanded support for existing personal access token and API Key support
  • Azure DevOps removed the ability to select scan preference (deprecated functionality)
    • Users can still select audit preference. 
  • Added ability to select entitlement preferences.

 

User Experience Improvements

  • Ability to provide an IP name in the IP restrictions section
  • Created policy creation wizard to allow for simpler app sec policy creation
    • Policies can now be applied to dev, test, and prod
  • Ability to customize open developer statuses
  • Enhanced filtering to allow multi-select on the” Your Releases” page for
    • Business Criticality
    • Star Rating
    • Pass/Fail
  • Users now have the ability to select a signing algorithm SSO connections
    • SHA-1(Default)
    • SHA-256
  • New kingdom filter for global and application audit templates
  • Ignore version history FPR import (applies to both dynamic and static scans)
  • When a customer imports a static or dynamic FPR, suppression status is imported for “new” issues

 

Microservices Enhancements

  • Increased size limit from 15mb to 100mb
  • 1 in progress scan per app; additional microservices will queue (1 scan at a time per microservice)
  • Automated audit for all scans

 

Entitlements Visibility Enhancements

  • Users will have the ability to select an entitlement ID (custom field) for mobile, static, dynamic scans
  • Users now have the ability to view entitlements showing quantity purchased, consumed and start date

 

Dynamic Scanning Improvements

  • Recurring dynamic scans are scheduled beginning 7 days before the next scan date
      • If a scan is already in progress for the app at the 7-day mark, then the next scan won’t be scheduled
  • Network Scan
    • Depreciated support for importing network scans

 

Open Source User Experience Enhancements

  • A standalone open source components issues page has been created to understand open source vulnerabilities
  • System event history is now being populated
  • Open source recommendations are now including CWE links with the recommendations tab
  • Executive summary, Issue breakdown, Issue breakdown by Analysis reporting now includes open sources issues

 

Static Scanning Language Support

  • Scanning has been Improved to provide improved scan accuracy and turnaround times for static scans
  • Language support has been expanded to include the following languages:
    • ECMAScript 2018
    • TypeScript 3.x
    • Angular 7
    • Python 3
    • Django 2.x
    • Java 11

 

Accessing Fortify on Demand Documentation
Users can access the most recent Fortify on Demand User Guide and Release Notes from the Fortify on Demand Help Center along with additional support documents and FAQs.

To check for recent updates or to verify that you are using the most recent edition of a document, go to: https://www.microfocus.com/support-and-services/documentation

Comment List
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.