
Fortify on Demand Releases 19.5

The Fortify on Demand 19.5 update contains some exciting new functionality to reduce false positives and improve your FoD experience. Here are some highlights to look forward to:

  • Ability to create audit templates that filter on application attributes
  • Dataflow cleanse rules (global and application)
  • Container scanning (BETA)

Full details of the 19.5 release can be found within the Documentation section under “What’s New” upon release!


Usability Enhancements

Audit Tools

  • Attribute filter for global audit templates. This provides the ability for users to filter based on their defined attributes
  • Users have the ability to set global and application cleanse rules by function to reduce false positives

Tenant Usability

  • Release details issue trending chart has been moved to the front of release details
  • Logging when an application is deleted
  • Allow tenants to control password reset frequency
  • Logging for application audit template changes
  • Logging for policy changes
  • Logging when a report is generated
  • Improved messaging around “include 3rd party libraries”

Scan Origin Source

  • Origin source information in the scan summary
    • Users will have the ability to see if scans were imported by FPR
    • Users will have the ability to see if scans were imported by Dynamic Scheduler

CBT Updates

  • Course content has been updated and is “available now” in all regions
  • Logic to show “browse course” based on whether a course has been taken, to avoid customer confusion

API Enhancements

  • Scanning Priority: users have the option to select what happens when a scan is already in progress (skip or cancel)
    • POST /api/v3/releases/{releaseId}/static-scans/start-scan-advanced
  • Scan Time (Start and End) has been added
    • GET /api/v3/scans
    • GET /api/v3/scans/{scanId}/summary
    • GET /api/v3/releases/{releaseId}/scans
    • GET /api/v3/releases/{releaseId}/scans/{scanId}
    • GET /api/v3/applications/{applicationId}/scans

Scanning Enhancements

Security Content R3 Updates

  • Fortify on Demand has implemented Fortify Software Security Content 2019 update 3 from Fortify Security Research (SSR).

Fortify Static Code Analyzer 19.2 Support

  • Fortify on Demand has implemented version 19.1.2 of Micro Focus Fortify Static Code Analyzer for scanning source code, now supporting Java 12 and React.

Fortify WebInspect 19.2 Support

  • Fortify on Demand has implemented version 19.2.0 of Micro Focus Fortify WebInspect for scanning web applications.

Container Scanning (BETA)

  • A BETA scan type has been added that includes:
    • Container scan setup/upload
    • Container scan reporting will be provided within the existing reports section automatically

Open Source Enhancements

  • Sonatype Reporting
    • Sonatype reporting has been expanded for the following report modules
      • OWASP 2017 Top 10
      • PCI 3.2 Executive Summary
      • PCI 3.2 Issue Breakdown
  • Sonatype Nexus IQ Integration
    • Provides the ability for customers to get additional information from Nexus IQ, pulled directly into FoD
  • Sonatype Entitlement Tracking
    • Provides the ability to track entitlements for new Sonatype entitlements

CI/CD Tools

  • FoD Uploader
    • Origin source information
      • Users will have the ability to see if scans were started by FoD Uploader
    • Scanning Priority
      • Users have the option to select what happens when a scan is already in progress (skip or cancel)
    • Paused/Cancelled Reason
  • Fortify on Demand Jenkins Plugin – Functionality and Features Demo
    • Updated marketplace name to Fortify on Demand to make it easier to find
    • Payload Packaging Improvements
      • Users can specify a location outside of the working directory, so they can choose where to pull and package files from
    • Scanning Priority
      • Users have the option to select what happens when a scan is already in progress (skip or cancel)
  • Azure DevOps – Functionality and Features Demo
    • Poll for Results
      • This provides the ability for users to check scan status and get scan results directly in Azure DevOps
    • Scanning Priority
      • Users have the option to select what happens when a scan is already in progress (skip or cancel)
    • Error Handling
      • Improved error messaging for permissions issues