Development Release - dev/v3.x branch

See Assets section below for latest build artifacts

v3.14.2

3.14.2 (2025-12-24)

Bug Fixes

• Update dependencies (aeab071)
• Update MCP SDK to avoid VS Code Copilot plugin errors (aeab071)

v3.14

Semantic version release for v3.14.2

v3

Semantic version release for v3.14.2

latest

Semantic version release for v3.14.2

v3.14.1

3.14.1 (2025-12-19)

Bug Fixes

• ci action: Write job summary to GitHub Actions job summary (9688fc6)
• Action framework: Return proper exit code as set by exit instruction (4a44f45)

v3.14.0

3.14.0 (2025-12-18)

Features

• fcli tool * get: New commands for displaying detailed information about a specific installed tool version (737f39a)
• fcli tool * install: Add hidden --copy-if-matching option (internal use by fcli tool env init) to copy from existing installation instead of downloading (737f39a)
• fcli tool * install: Tool installations now show action status (installed/copied/registered/skipped) for better visibility (737f39a)
• fcli tool * register: New commands for registering existing tool installations with automatic version detection (supports binary path, bin directory, or installation directory) (737f39a)
• fcli tool definitions update: Add --force option to update definitions even if they are up-to-date (737f39a)
• fcli tool definitions update: Add --max-age option to only update definitions if older than specified period (e.g., 1h, 4h, 1d) (737f39a)
• fcli tool env init: New command for automatically setting up one or more Fortify tools (auto-detects pre-installed tools, downloads if necessary, supports air-gapped environments, and platform-specific tool caching) (737f39a)
• fcli tool env shell|powershell|github|gitlab|ado|expr: New commands for generating environment variable exports for installed or registered tools in various shell or CI/CD-specific formats (737f39a)
• fcli tool sc-client install: Add --jre option to specify custom JRE home directory for use with fcli tool sc-client run command (737f39a)
• fcli tool sc-client install: Improve JRE handling with automatic detection from environment variables (SC_CLIENT_JRE_HOME, SCANCENTRAL_JRE_HOME) (737f39a)
• Action SpEL functions: Add #opt(name, value) function for conditionally formatting command-line options (737f39a)
• Add fcli state persistency information in help output and 'session not found' errors when running in Docker containers (7c72c8a)
• Add UBI9 images for fortifydocker/fcli (b26962d)
• fcli ci action: Add support for PREINSTALLED environment variable to require all tools to be pre-installed, preventing automatic downloads (737f39a)
• fcli ci action: Add support for pre-installed tools via SC_CLIENT_HOME and DEBRICKED_HOME environment variables, complementing existing dynamic installation (737f39a)
• fcli debricked-scan action: Change default --cli-version from latest to auto for smarter version resolution (737f39a)
• fcli debricked-scan action: Simplify tool setup by using fcli tool env init instead of separate update/install steps (737f39a)
• fcli detect-env action: Renamed from ci-vars and updated to provide general environment detection capabilities (CI platform, Git repository, ...) (737f39a)
• fcli package action: Change default --sc-client-version from latest to auto for smarter version resolution (737f39a)
• fcli package action: Simplify tool setup by using fcli tool env init instead of separate update/install steps (737f39a)
• Publish shell-based UBI9 variant of fortifydocker/fcli to allow for interactive use (7c72c8a)

Bug Fixes

• fcli * action sign: Remove ability to generate private key to avoid the use of weak encryption algorithms (d04e38a)
• fcli aviator: Correct filtering logic to prevent valid issues from being skipped during audit (dd253b5)
• fcli aviator: Ensure consistent file hash generation across different builds (dd253b5)
• fcli fod sast-scan setup: Keep existing settings for "aviator" and "oss" unless explicit --[no-]oss or --[no-]use-aviator specified (fixes #885) (649cd88)
• fcli ssc session login: Fail with proper error if supplied token is invalid (09ce146)
• fcli ci action: Post-scan tasks (check-policy, release-summary, pr-comment, export) are now properly skipped if no scans were run (737f39a)
• fcli debricked-scan action: Mask Debricked token in console output (b28d342)
• fcli debricked-scan action: Show Debricked output both on successful run and in case of errors (b28d342)
• Improve error handling and error output (737f39a)

Development Release - feat/ci-updates branch

See Assets section below for latest build artifacts

Development Release - copilot/add-json-rpc-server-for-fcli branch

See Assets section below for latest build artifacts

v3.13.1

3.13.1 (2025-11-07)

Bug Fixes

• fcli aviator * apply-remediations: Fix NullPointerException if --source-dir not specified (fixes #860) (c5923d0)
• fcli sc-dast scan: Add support for new ScanCentral DAST scan status types (f50777a)
• fcli sc-dast scan: Fix ArrayIndexOutOfBoundsException if ScanCentral DAST returns a scan status type that is not (yet) known to fcli, now returning UnknownScanStatusType instead (f50777a)
• fcli util mcp-server start: Improve fcli tool * run commands to adhere to fcli stdout/stderr processing, to avoid tool output from interfering with MCP JSON-RPC messages (fixes #859) (2fa7817)
• fcli util mcp-server start: Improve support for long-running operations (ff757af)
• fcli util mcp-server start: Return paged records as soon as they become available (4f59fde)
• SSC bulkaudit action: Exclude from MCP tools as it doesn't make sense to run a batch process through LLM (de5472c)
• SSC bulkaudit action: Initialize stats.audit_failures counter to 0 to prevent error (0a0a00a)
• SSC debricked-scan action: Exclude from MCP tools as this actions requires sensitive data to be entered (16442a8)