v3.9

Semantic version release for v3.9.1

v3.9.0

3.9.0 (2025-09-29)

Features

• fcli fod *-scan setup: Implement --skip-if-exists option for all scan types (resolves #593) (219c6f6)
• fcli fod microservice: Add --attrs and --auto-required-attrs options on applicable micro service commands (resolves #640) (5b7eb7e)
• fcli ssc appversion create: Add --add-tags and --rm-tags options (6c3a5a4)
• fcli ssc appversion update: Add --add-tags and --rm-tags options (6c3a5a4)
• fcli ssc issue-template create: Add --add-tags and --rm-tags options (6c3a5a4)
• fcli ssc issue-template update: Add --add-tags and --rm-tags options (6c3a5a4)
• Add fcli ssc custom-tag commands for creating, listing, and updating custom tags (6c3a5a4)
• Add fcli ssc issue-template commands for managing issue templates, deprecate corresponding fcli ssc issue *-template(s) commands (6c3a5a4)
• Add fcli util mcp-server start command to allow LLMs to interact with Fortify products through fcli (#806) (92131a6)

Bug Fixes

• fcli aviator ssc audit: Prevent command from stalling on errors & other error handling improvements (#811) (4deff48)
• fcli fod *-scan wait-for: Add scan queue position (see #677) (219c6f6)
• fcli fod access-control update-user: Change action field to REQUESTED instead of UPDATED, as changes may not be applied immediately by FoD (09e39bf)
• fcli fod dast-scan cancel not working (ba59f6f)
• fcli fod dast-scan start: Implemented DAST Automated scan queuing/cancelling to avoid error if scan already running (fixes #565) (51aa462)
• fcli ssc action run ci: Fix failure when Aviator audit is enabled (fixes #789) (103263a)
• Add fcli action SpEL functions documentation (#791) (daf54a5)

Development Release - mcp-server branch

MCP server functionality has now been merged into the dev/v3.x branch for inclusion in the next fcli 3.9.0 release. If you wish to play around with the fcli MCP server feature, please download artifacts from either dev/v3.x development release, or 3.9.0+ release once released.

v3.8.1

3.8.1 (2025-07-25)

Bug Fixes

• Fix build issue that caused fcli release process to fail (4d074d3)

v3.8.0

3.8.0 (2025-07-25)

⚠️ Release process for fcli v3.8.0 failed

Fcli binaries and documentation for this release are not available; please see https://github.com/fortify/fcli/releases/latest for latest release assets.

Features

• fcli aviator session login: Validate connection and token (0befdb7)
• fcli aviator ssc audit: Generate remediations.xml with code fixes from aviator audit results (0befdb7)
• fcli aviator: SAST Aviator 25.3.0 release (0befdb7)
• gitlab-sast-report actions: Add trace nodes (f2df2e4)
• Action schema: Support if: instruction on individual with: elements (f6f8175)
• Add gitlab-codequality-report actions for SSC and FOD (resolves #733) (8c9b87c)
• Add action schema documentation (see #701) (f1acba0)
• FoD setup-release action: Add --store option to store FoD release data in fcli variable (e325852)
• SSC ci action: Add support for running Aviator audit after scan completion (resolves #750) (5722a68)
• SSC setup-appversion action: Add --store option to store SSC application version data in fcli variable (e325852)

Bug Fixes

• fcli aviator ssc audit: Improve handling of PROTOCOL_ERROR by adding retry for failed streams (0befdb7)
• fcli aviator ssc audit: Skip suppressed issues in Aviator audit (0befdb7)
• fcli aviator token *: --email option is now optional in aviator token commands (0befdb7)
• Action run.fcli instruction: Improve error handling (5fedf4a)
• Commands that output Action column: Fix (renamed) __action__ property being included in output even if not explicitly listed in -o <fmt>=<properties> (fixes #774) (8352608)
• Commands that output Action column: Fix __action__ property improperly being renamed to Action for technical output formats like json or yaml (fixes #774) (8352608)
• Commands that output Action column: Fix ,__action__:Action being appended to expr output (fixes #774) (8352608)
• SSC setup-appversion action: Add missing quotes to avoid exception if the name of the application version to create contains spaces (9e0dbba)
• Throw proper exception on invalid character encoding (resolves #772) (3fb54bb)

v3.8

Semantic version release for v3.8.1

v3.7.0

3.7.0 (2025-07-07)

Features

• fcli ssc session login: Allow for disabling SC-SAST/SC-DAST connectivity (resolves #740) (b7aaae2)

Bug Fixes

• ci action: Improve & complement usage help (fixes #752, closes #762) (22a5498)
• fcli aviator ssc audit: Fix thread synchronization issues that randomly cause exceptions while auditing (7819ec5)
• gitlab-*-report actions: Output empty string instead of null for description field (da7f705)
• gitlab-dast-report FoD action: Fix exception if site tree is unavailable (6b24369)
• Fix action progress messages not being cleared before final output (fixes #766) (4f03395)
• Fix incorrect synopsis in documentation for built-in actions (fixes #765) (closes #767) (4f18948)
• SSC check-policy action: Fix --filterset option being ignored (55e555d)

v3.7

Semantic version release for v3.7.0

v3.6.0

3.6.0 (2025-06-14)

Features

• *-sast-report actions: Add --source-dir option to allow for matching Fortify-reported source file paths against repository file paths (fixes #749) (775c5a3)
• ci actions: Automatically pass --source-dir option to SAST report actions (fixes #749) (775c5a3)
• fcli fod: New fcli fod oss list-components command (resolves #244) (775c5a3)

Bug Fixes

• fcli fod sast-scan setup: Allow assessment type to be specified by Id or Name (resolves #738) (775c5a3)
• fcli fod: Fix issue with page handling in REST responses, potentially causing issues if more than 9 pages of results are available on FoD (775c5a3)

v3.6

Semantic version release for v3.6.0