Options
Related Tips & Info

Fortify on Demand Releases 19.5

COEST
 
0 Likes

Original Question: Fortify on Demand Releases 19.5 by Brent_Jenkins

The Fortify on Demand 19.5 update contains some exciting new functionality to reduce false positives and improve your FoD experience. Here are some highlights to look forward to:

  • Ability to create audit templates that filter on application attributes
  • Dataflow cleanse rules (global and application) Watch Video!
  • Container scanning (BETA)

Full Details of the 19.5 release can be found within the Documentation section under “What’s New” upon release!

Usability Enhancements

Audit Tools

  • Attribute filter for global audit templates. This provides the ability for users to filter based on their defined attributes
  • Users have the ability to set application and global and application cleanse rules by function to reduce false positives

Tenant Usability

  • Release details issue trending chart has been moved to the front of release details
  • Logging when an application is deleted
  • Allow tenants to control password reset frequency
  • Logging for application audit template changes
  • Logging for policy changes
  • Logging when a report is generated
  • Improved messaging around include 3rd party libraries

Scan Origin Source

  • Origin source information in the scan summary
    • Users will have the ability to see if scans where imported by FPR
    • Users will have the ability to see if scans where imported by Dynamic Scheduler

CBT Updates

  • Course content has been updated and is “available now” in all regions
  • Logic to show browse course based on if a course has been taken to avoid customer confusion

API Enhancements

  • Scanning Priority, users have the options to select what happens when a scan is already in progress (skip or cancel)
    • POST /api/v3/releases/{releaseId}/static-scans/start-scan-advanced
  • Scan Time (Start and End) has been added
    • GET /api/v3/scans
    • GET /api/v3/scans/{scanId}/summary
    • GET /api/v3/releases/{releaseId}/scans
    • GET /api/v3/releases/{releaseId}/scans/{scanId}
    • GET /api/v3/applications/{applicationId}/scans

Scanning Enhancements

Security Content R3 Updates

  • Fortify on Demand has implemented Fortify Software Security Content 2019 update 3 from Fortify Security Research (SSR).

Fortify Static Code Analyzer 19.2 Support

  • Fortify on Demand has implemented version 19.1.2 of Micro Focus Fortify Static Code Analyzer for scanning source code now supporting Java 12 and React

Fortify WebInspect 19.2 Support

  • Fortify on Demand has implemented version 19.2.0 of Micro Focus Fortify WebInspect for scanning web applications.

 Container Scanning (BETA)

  • BETA scan type has been added that includes
    • Container scan setup/upload
    • Container scan reporting will be provided within the existing reports section automatically

Open Source Enhancements

  • Sonatype Reporting
    • Sonatype reporting has been expanded for the following report modules
      • OWASP 2017 Top 10
      • PCI 3.2 Executive Summary
      • PCI 3.2 Issue Breakdown
  • Sonatype Nexus IQ Integration
    • Provides the ability for customers to get additional information from Nexus IQ and pulled directly into FoD
  • Sonatype Entitlement Tracking
    • Provides the ability to track entitlements for new Sonatype entitlements

CI/CI Tools

  • FoD Uploader
    • Origin source information
      • Users will have the ability to see if scans where started by FoD Uploader
    • Scanning Priority
      • Users have the options to select what happens when a scan is already in progress (skip or cancel)
    • Paused/Cancelled Reason
  • Fortify on Demand Jenkins Plugin – Functionality and Features Demo
    • Updated marketplace name to Fortify on Demand to make it easier to find
    • Payload Packaging Improvements
      • Users can specify a location outside of working directory so that users can choose where to pull and package files from
    • Scanning Priority
      • Users have the options to select what happens when a scan is already in progress (skip or cancel)
  • Azure DevOps – Functionality and Features Demo
    • Poll for Results
      • This provides the ability for users to check scan status and get scan results directly in Azure DevOps
    • Scanning Priority
      • Users have the options to select what happens when a scan is already in progress (skip or cancel)
    • Error Handling
    • Improved error messaging for permissions issues
Comment List
Related
Recommended

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.