Fortify on Demand Releases 19.5


Original Question: Fortify on Demand Releases 19.5 by Brent_Jenkins

The Fortify on Demand 19.5 update contains some exciting new functionality to reduce false positives and improve your FoD experience. Here are some highlights to look forward to:

  • Ability to create audit templates that filter on application attributes
  • Dataflow cleanse rules (global and application)
  • Container scanning (BETA)

Full Details of the 19.5 release can be found within the Documentation section under “What’s New” upon release!


Usability Enhancements

Audit Tools

  • Attribute filter for global audit templates. This provides the ability for users to filter based on their defined attributes
  • Users have the ability to set global and application cleanse rules by function to reduce false positives

Tenant Usability

  • Release details issue trending chart has been moved to the front of release details
  • Logging when an application is deleted
  • Allow tenants to control password reset frequency
  • Logging for application audit template changes
  • Logging for policy changes
  • Logging when a report is generated
  • Improved messaging around “include 3rd party libraries”

Scan Origin Source

  • Origin source information in the scan summary
    • Users will have the ability to see if scans were imported by FPR
    • Users will have the ability to see if scans were imported by Dynamic Scheduler

CBT Updates

  • Course content has been updated and is “available now” in all regions
  • Logic to show “browse course” based on whether a course has been taken, to avoid customer confusion

API Enhancements

  • Scanning Priority: users have the option to select what happens when a scan is already in progress (skip or cancel)
    • POST /api/v3/releases/{releaseId}/static-scans/start-scan-advanced
  • Scan Time (Start and End) has been added
    • GET /api/v3/scans
    • GET /api/v3/scans/{scanId}/summary
    • GET /api/v3/releases/{releaseId}/scans
    • GET /api/v3/releases/{releaseId}/scans/{scanId}
    • GET /api/v3/applications/{applicationId}/scans
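The two API additions above (the scan-priority option on start-scan-advanced and the start/end times on the scan endpoints) are the kind of thing a CI job calls from a script. The following is an added example, not Fortify's or Micro Focus's own code: a minimal FoD v3 client that builds the start-scan request with the in-progress action and turns a scan summary's timestamps into a duration. The query parameter names (assessmentTypeId, inProgressScanActionType), the enum values for skip/cancel, and the JSON field names (startedDateTime, completedDateTime) are assumptions and are not on the page; the HTTP transport is injected so the example runs offline against constructed responses.

```python
"""Added example (not Fortify's code): FoD API v3 client for the 19.5 scan-priority
option and the scan start/end times. Parameter and field names are assumptions."""
from datetime import datetime
from urllib.parse import urlencode

# Assumed enum values for "what happens when a scan is already in progress";
# the release notes say only "skip or cancel".
IN_PROGRESS_ACTIONS = {"skip": "DoNotStartScan", "cancel": "CancelScanInProgress"}


def build_start_scan_request(base_url, release_id, assessment_type_id, in_progress_action="skip"):
    """Return (method, url) for start-scan-advanced with the scan-priority option set.
    release_id is coerced to int so a caller cannot smuggle extra path segments in."""
    if in_progress_action not in IN_PROGRESS_ACTIONS:
        raise ValueError(f"in_progress_action must be one of {sorted(IN_PROGRESS_ACTIONS)}")
    params = {
        "assessmentTypeId": int(assessment_type_id),                # assumed parameter name
        "inProgressScanActionType": IN_PROGRESS_ACTIONS[in_progress_action],  # assumed name
    }
    path = f"/api/v3/releases/{int(release_id)}/static-scans/start-scan-advanced"
    return "POST", f"{base_url.rstrip('/')}{path}?{urlencode(params)}"


def _parse_ts(value):
    """Parse an ISO 8601 timestamp (trailing Z accepted); None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_scan_times(summary):
    """Return (start, end, duration_seconds) from a scan summary body.
    A scan that is still running has no end time, so its duration is None."""
    start = _parse_ts(summary.get("startedDateTime"))      # assumed field name
    end = _parse_ts(summary.get("completedDateTime"))      # assumed field name
    if start is None:
        raise ValueError("scan summary has no start time")
    duration = (end - start).total_seconds() if end is not None else None
    return start, end, duration


class FodClient:
    """Thin client; `transport(method, url, headers) -> dict` does the HTTPS call."""

    def __init__(self, base_url, token, transport):
        self.base_url = base_url.rstrip("/")
        self.transport = transport
        self.headers = {"Authorization": f"Bearer {token}", "Accept": "application/json"}

    def start_static_scan(self, release_id, assessment_type_id, in_progress_action="skip"):
        method, url = build_start_scan_request(
            self.base_url, release_id, assessment_type_id, in_progress_action)
        return self.transport(method, url, self.headers)

    def scan_duration(self, scan_id):
        url = f"{self.base_url}/api/v3/scans/{int(scan_id)}/summary"
        return parse_scan_times(self.transport("GET", url, self.headers))


# Constructed responses standing in for the FoD API; the ids and times are made up.
CONSTRUCTED_RESPONSES = {
    "v3/scans/1001/summary": {"scanId": 1001, "startedDateTime": "2019-11-05T10:00:00Z",
                              "completedDateTime": "2019-11-05T10:42:30Z"},
    "v3/scans/1002/summary": {"scanId": 1002, "startedDateTime": "2019-11-05T11:00:00Z",
                              "completedDateTime": None},
}


class FakeTransport:
    """Offline stand-in for the HTTPS layer; records every call it receives."""

    def __init__(self, responses):
        self.responses = responses
        self.calls = []

    def __call__(self, method, url, headers):
        if not headers.get("Authorization", "").startswith("Bearer "):
            raise PermissionError("missing bearer token")
        self.calls.append((method, url))
        path = url.split("?", 1)[0].split("/api/", 1)[1]
        if method == "POST" and path.endswith("/start-scan-advanced"):
            return {"scanId": 1003}  # constructed: the id of the newly queued scan
        return self.responses[path]


def demo():
    """Queue a scan, cancelling any in-progress one, then read two scans' timings."""
    transport = FakeTransport(CONSTRUCTED_RESPONSES)
    client = FodClient("https://api.example.invalid", "constructed-token", transport)
    started = client.start_static_scan(42, 7, in_progress_action="cancel")
    finished = client.scan_duration(1001)
    running = client.scan_duration(1002)
    return started, finished, running, transport.calls


if __name__ == "__main__":
    started, finished, running, calls = demo()
    print("queued scan:", started["scanId"])
    print("scan 1001 took %.0f s" % finished[2])
    print("scan 1002 still running:", running[2] is None)
```

Replacing `FakeTransport` with a function that performs the real HTTPS request (and obtains the bearer token from the tenant's OAuth endpoint) is the only change needed to point this at a live tenant; the decision logic for skip versus cancel and the duration calculation stay the same.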

Scanning Enhancements

Security Content R3 Updates

  • Fortify on Demand has implemented Fortify Software Security Content 2019 update 3 from Fortify Security Research (SSR).

Fortify Static Code Analyzer 19.2 Support

  • Fortify on Demand has implemented version 19.1.2 of Micro Focus Fortify Static Code Analyzer for scanning source code now supporting Java 12 and React

Fortify WebInspect 19.2 Support

  • Fortify on Demand has implemented version 19.2.0 of Micro Focus Fortify WebInspect for scanning web applications.

Container Scanning (BETA)

  • A BETA scan type has been added that includes:
    • Container scan setup/upload
    • Container scan reporting will be provided within the existing reports section automatically

Open Source Enhancements

  • Sonatype Reporting
    • Sonatype reporting has been expanded for the following report modules
      • OWASP 2017 Top 10
      • PCI 3.2 Executive Summary
      • PCI 3.2 Issue Breakdown
  • Sonatype Nexus IQ Integration
    • Provides the ability for customers to get additional information from Nexus IQ and pull it directly into FoD
  • Sonatype Entitlement Tracking
    • Provides the ability to track new Sonatype entitlements

CI/CD Tools

  • FoD Uploader
    • Origin source information
      • Users will have the ability to see if scans were started by FoD Uploader
    • Scanning Priority
      • Users have the option to select what happens when a scan is already in progress (skip or cancel)
    • Paused/Cancelled Reason
  • Fortify on Demand Jenkins Plugin
    • Updated marketplace name to Fortify on Demand to make it easier to find
    • Payload Packaging Improvements
      • Users can specify a location outside of the working directory so that they can choose where to pull and package files from
    • Scanning Priority
      • Users have the option to select what happens when a scan is already in progress (skip or cancel)
  • Azure DevOps
    • Poll for Results
      • This provides the ability for users to check scan status and get scan results directly in Azure DevOps
    • Scanning Priority
      • Users have the option to select what happens when a scan is already in progress (skip or cancel)
    • Error Handling
      • Improved error messaging for permissions issues