v3.2

Semantic version release for v3.2.1

v3.2.0

3.2.0 (2025-04-14)

Features

• ci & package actions: Store ScanCentral Client log files in current working directory for easy access (d3f604b)
• fcli * action run package/ci: Use generic --debug option to enable ScanCentral Client debug logging (3f8b007)
• fcli sc-sast scan start: Use generic --debug option to enable both fcli logging and requesting ScanCentral diagnostic logs to be generated (3f8b007)
• fcli tool sc-client run: Add --logdir option to specify log file location (d3f604b)
• Add generic --debug flag; this enables both fcli logging, and may be used by some fcli commands or fcli actions to enable additional logging functionality (3f8b007)

Bug Fixes

• If --log-level was specified without --log-file, no log file was being generated (3f8b007)

v3.1.1

3.1.1 (2025-04-07)

Bug Fixes

• Fix Docker image publishing (7426df9)

v3.1.0

3.1.0 (2025-04-07)

Features

• Add FoD servicenow-csv-report action (7978f8d)
• Add gitlab-installer-svc Docker image (7978f8d)
• Add SSC servicenow-csv-report action (7978f8d)

Bug Fixes

• ci-vars action: Properly remove trailing .git from GitLab repo URL (b9938b8)
• fcli fod issue ls: Add partial server-side filtering support (daf4aec)
• Exception on YAML output if no data (e25994d)
• Fix stderr being suppressed in run.fcli action step (7e88f07)
• Fix table output exception (fixes #708) (24e70e3)
• Improve output on REST response exceptions (e051bcc)

v3.0.0

3.0.0 (2025-03-18)

⚠ BREAKING CHANGES

• fcli:--output option: Removed some output formats, partially replaced by new --style option
• fcli fod: Renamed --session option to --fod-session
• fcli * action: Significant changes to fcli action yaml syntax; custom actions developed for fcli 2.x will not run on fcli 3.x, and vice versa
• fcli sc-dast session: All SC-DAST session commands have been removed; please use fcli ssc session commands instead
• fcli sc-dast: Renamed --session option to --ssc-session
• fcli sc-sast session: All SC-SAST session commands have been removed; please use fcli ssc session commands instead
• fcli sc-sast: Renamed --session option to --ssc-session
• fcli sc-sast scan start: Local files referenced in --sargs must now be preceded with @, not file:. This is a shorter, more common convention for referencing files.
• fcli sc-sast scan start: Renamed --ssc-ci-token option to --publish-token to better describe the purpose
• fcli sc-sast scan start: Remove -p / --package-file option; replaced by -f / --file
• fcli sc-sast scan start: Remove -m / --mbs-file option; replaced by -f / --file
• fcli ssc session: Now manages combined SSC/SC-SAST/SC-DAST sessions, allowing a single session to be used for invoking all SSC/SC-SAST/SC-DAST commands
• fcli ssc: Renamed --session option to --ssc-session
• fcli ssc session login: Removed --ci-token option; please use --token option instead
• fcli ssc appversion create: Removed deprecated AnalysisProcessingRules as allowed value for --copy option; use processing-rules instead
• fcli ssc appversion create: Removed deprecated BugTrackerConfiguration as allowed value for --copy option; use bugtracker instead
• fcli ssc issue: Removed hidden/preview check command, as this is now implemented through the check-policy action

Features

• fcli * action: New package action for packaging source code using ScanCentral Client (2a9e69e)
• fcli * action: Significant changes to fcli action yaml syntax; custom actions developed for fcli 2.x will not run on fcli 3.x, and vice versa (2a9e69e)
• fcli action: New top-level action command for cross-product or product-agnostic actions (2a9e69e)
• fcli aviator: New module to manage Fortify Aviator and run Aviator audits (hidden until Aviator has been released) (2a9e69e)
• fcli config: Add ability to configure fcli trust store through environment variables (#690) (2a9e69e)
• fcli fod app create: New --skip-if-exists option (2a9e69e)
• fcli fod issue: New update command (resolves fortify#669) (#698) (2a9e69e)
• fcli fod: Renamed --session option to --fod-session (2a9e69e)
• fcli sc-dast session: All SC-DAST session commands have been removed; please use fcli ssc session commands instead (2a9e69e)
• fcli sc-dast: Renamed --session option to --ssc-session (2a9e69e)
• fcli sc-sast scan download: New command for downloading FPR, logs, job files (2a9e69e)
• fcli sc-sast scan list: New command for listing scan jobs (2a9e69e)
• fcli sc-sast scan start: Add --debug option to request debug (diagnosis) logs to be collected for the scan job (2a9e69e)
• fcli sc-sast scan start: Add --no-replace option to keep existing scan jobs (2a9e69e)
• fcli sc-sast scan start: Add --publish-as option to specify the name of the FPR file that is uploaded to SSC (2a9e69e)
• fcli sc-sast scan start: Add --scan-timeout option to specify scan job time-out (2a9e69e)
• fcli sc-sast scan start: Add -f / --file option to specify scan payload; automatically detects MBS or package file (2a9e69e)
• fcli sc-sast scan start: Local files referenced in --sargs must now be preceded with @, not file:. This is a shorter, more common convention for referencing files. (2a9e69e)
• fcli sc-sast scan start: Remove -m / --mbs-file option; replaced by -f / --file (2a9e69e)
• fcli sc-sast scan start: Remove -p / --package-file option; replaced by -f / --file (2a9e69e)
• fcli sc-sast scan start: Renamed --ssc-ci-token option to --publish-token to better describe the purpose (2a9e69e)
• fcli sc-sast session: All SC-SAST session commands have been removed; please use fcli ssc session commands instead (2a9e69e)
• fcli sc-sast: Renamed --session option to --ssc-session (2a9e69e)
• fcli ssc action: Add support for sc-sast and sc-dast request targets in action implementations (2a9e69e)
• fcli ssc appversion create: Removed deprecated AnalysisProcessingRules as allowed value for --copy option; use processing-rules instead (2a9e69e)
• fcli ssc appversion create: Removed deprecated BugTrackerConfiguration as allowed value for --copy option; use bugtracker instead (2a9e69e)
• fcli ssc issue: Removed hidden/preview check command, as this is now implemented through the check-policy action (2a9e69e)
• fcli ssc session login: Default session lifetime when authenticating with user credentials is now 3 days for recent SSC versions, instead of only 1 day (2a9e69e)
• fcli ssc session login: New --client-auth-token option due to SC-SAST sessions now being managed through SSC sessions (2a9e69e)
• fcli ssc session login: New --sc-sast-url option due to SC-SAST sessions now being managed through SSC sessions (2a9e69e)
• fcli ssc session login: Removed --ci-token option; please use --token option instead (2a9e69e)
• fcli ssc session: Now manages combined SSC/SC-SAST/SC-DAST sessions, allowing a single session to be used for invoking all SSC/SC-SAST/SC-DAST commands (2a9e69e)
• fcli ssc: Renamed --session option to --ssc-session (2a9e69e)
• fcli tool: Allow cached tool installations to be re-used if fcli state information is lost (for example across different CI pipeline runs) (2a9e69e)
• fcli tool: New run commands for directly running installed tools through fcli (2a9e69e)
• fcli: New --style option to allow for overriding default output styles (2a9e69e)
• fcli:--output option: Removed some output formats, partially replaced by new --style option (2a9e69e)

Bug Fixes

• fcli fod action: gitlab-sast-report: Output empty string instead of null for description field (2a9e69e)
• fcli fod action: setup-release: Add tech stack and language level options (fixes #691) (#692) (2a9e69e)
• fcli fod app create: Allow for optional or numeric owner (fixes [#686](https://git...

v2.12.3

2.12.3 (2025-03-12)

Bug Fixes

• Refreshed build with updated tool definitions (870e3cd)

Development Release - dev/v2.x branch

See Assets section below for latest build artifacts

v2.12.2

2.12.2 (2025-01-21)

Bug Fixes

• fcli fod action run github-sast-report: Add severity data to report (1e80d5e)
• fcli fod action run sarif-sast-report: Add severity data to report (1e80d5e)
• fcli ssc action run github-sast-report: Add severity data to report (1e80d5e)
• fcli ssc action run sarif-sast-report: Add severity data to report (1e80d5e)

v2.12.1

2.12.1 (2025-01-07)

Bug Fixes

• fcli ssc av create: --copy-from option now copies all attribute values (fixes #666) (5a32f3f)

v2.12.0

2.12.0 (2024-12-23)

Features

• fcli fod dast setup-website, fcli fod dast setup-workflow, fcli fod dast setup-api: Add --vpn option for specifying Fortify Connect network name (site-to-site VPN) to use (fixes #644) (8e38b94)
• fcli fod mast setup, fcli fod mast get-config: Updates for new API (fixes #642) (8e38b94)
• fcli tool sc-client install: Add options to install compatible JRE (85bc662)

Bug Fixes

• fcli fod action run release-summary: Improve/simply based on FoD 24.4 API changes (8e38b94)
• fcli fod release update: Add "Retired" option fo --sdlc-status (fixes #642) (8e38b94)
• fcli fod action run release-summary update (fixes #639) (b7e16c4)