Highlighted
Micro Focus Expert
Micro Focus Expert
757 views

Micro Focus Fortify Product Announcement: SCA, SSC, WI & WIE 20.1.0

Micro Focus Fortify Product Announcement

Date: May 19, 2020

Version 20.1.0

Micro Focus Fortify is pleased to announce the immediate availability of version 20.1.0 of Fortify Software Security Center (SSC), Fortify Static Code Analyzer (SCA), WebInspect, and WebInspect Enterprise. The Fortify 20.1.0 on-premises release continues to advance the strategic initiatives of the product suite by adding accelerated language support, providing end users with actionable results, expanding our open source solution with Sonatype, offering hybrid delivery methods, and shifting application security left.

Fortify Software Security Center (SSC) & Fortify Static Code Analyzer (SCA) 20.1.0

Fortify SSC and SCA 20.1.0 release emphasizes the evolving needs to enhance existing languages, improve integration/automation capabilities and support new constructs and frameworks. We continue to build on our vision to continue our market leadership by providing key enterprise enhancements that focus on improvements in speed, automation and usability.

Fortify Static Code Analyzer (SCA) Key Highlights

  • Additional Language Support
    • Support added for .NET Core 2.2, 3.0, and 3.1
    • Support added for C# 8
    • Support added for VB.NET 16.0 (2019)
    • Support added for MSBuild 16.4
    • Support added for .NET Framework version 4.8
    • Support added for ASP.NET 4.8
    • Support added for macOS 10.15
    • Support added for Java 13
    • Support added for Xcode 11, 11.1, 11.2.1, 11.3, 11.3.1
    • Support added for Kotlin 1.3.50
    • Support added for Go language 1.13.x (up to 1.13.3)
    • .NET updates
    • macOS update
    • Java update
    • Swift and Objective-C updates
    • Kotlin (technical preview)
    • Go updates
  • Performance Improvements: We substantially improved dynamic languages analysis performance by making changes to:
    • The Higher Order Analysis (HOA) algorithm
    • Taint analysis of Python’s static initializers
    • Type inference scalability on multiple cores

These changes affect all languages that leverage higher order analysis:

    • Python
    • TypeScript
    • JavaScript
    • Ruby
    • Swift

Fortify Software Security Center (SSC) Key Highlights

  • Applications view:
    • Application versions now displayed in an expandable list under the application name.
  • Scans view:
    • Copy token added to the clipboard button on the Scan Requests page.
    • Hostname and Pool columns added to the Scan Requests page.
  • Software Security Center Kubernetes Deployment
    • A new container is available on Fortify Docker. It includes detailed documentation for deploying and configuring Software Security Center via Helm charts to a Kubernetes cluster.
  • New CWE Top 25 2019 Report
    • Prioritize your security issues using the 2019 version of the CWE Top 25 2019.
  • ScanCentral Updates
    • Automatic client updates
    • Secure the controller
    • Package scanner tool


WebInspect & WebInspect Enterprise 20.1.0

WebInspect and WebInspect Enterprise 20.1.0 releases emphasize powerful scanning capabilities, improved integrations with an organization’s ecosystem, and improvements to the user experience. WebInspect can be upgraded to the latest release using SmartUpdate service, or by downloading via the Software Support Portal.

Fortify WebInspect 20.1.0 Key Highlights

  • Engine Updates – Big Improvements on Modern Apps
    • We updated our engines to keep pace with customers’ evolving applications. The engine update dramatically improves WebInspect’s ability to scan applications built with modern JavaScript frameworks.
  • Single-Page Application (SPA) Coverage Visualization
    • The new engine improves the visualization of Single-Page Applications.
  • Macro Recorder Updates
    • The Macro Recorder is now on by default across all areas of WebInspect. The updated recorder delivers an improved experience when recording both login and workflow macros.
  • Upgraded Rescan Technology
    • We improved rescan capabilities to deliver a dramatically faster, more flexible, and more reliable experience. Our new rescan technology is better at replaying complicated attack sequences and is available via the UI, API, and CLI.
  • Authenticated API Scanning with Postman
    • We simplified API scanning and automation by adding the ability to handle authenticated API scanning to our Postman integration.
  • Selenium WebDriver Login Macros
    • Building on the Selenium WebDriver support from our last release, WebInspect now supports using a Selenium WebDriver script as a login macro.

Fortify WebInspect Enterprise 20.1.0 Key Highlights

  • Engine Updates – Big Improvements on Modern Apps
    • We updated our engines to keep pace with customers’ evolving applications. The engine update dramatically improves the ability to scan applications built with modern JavaScript frameworks.
  • Macro Recorder Updates
    • The Macro Recorder is now available within WebInspect Enterprise and as a standalone application, Macro Recorder 5.0. This application is available in the Fortify Marketplace. Continuing our goal of supporting modern applications, Macro Recorder 5.0 delivers an improved experience when recording both login and workflow macros.
  • Silverlight Removal Complete
    • The WebInspect Enterprise Desktop client now automatically opens in Microsoft Internet Explorer and in Microsoft Edge.

 

Learn More

For more information about the Micro Focus Fortify 20.1 release, visit these links:

 

Join the Fortify Community!

Join the Micro Focus Security community that provides customer-facing forums, educational webinar, product documentation and tutorials. Connect with peers, ask questions, search for solutions, share ideas, and collaborate over best practices in the Fortify Community today. Visit: https://community.softwaregrp.com/t5/Fortify/ct-p/fortify

 

Documentation

You can find both html and pdf documentation for Fortify version 20.1.0 software products at:
https://www.microfocus.com/support-and-services/documentation/

 

Note: Legacy documentation (prior to 18.1) can still be found at:

https://community.softwaregrp.com/t5/Fortify-Product-Documentation/ct-p/fortify-product-documentation

 

Contact Support

For support, please visit https://softwaresupport.softwaregrp.com/.

Details are available in the attached release letters along with specific feature requirements. We hope that you continue to find out products helpful and we welcome any feedback. If you have any questions, please don’t hesitate to contact us.

Scott Johnson
Director of Product Management
Micro Focus Security Fortify
+1 (404) 931-1028
scott.k.johnson@microfocus.com

Labels (2)
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.