v2.5.3

2.5.3 (2024-08-30)

Bug Fixes

• Fix error on fcli ssc session login command on older SSC versions (fixes #584) (d028052)

v2.5.2

2.5.2 (2024-08-21)

Bug Fixes

• FoD/SSC: Improve github-pr-comment action output (694e7ae)
• SSC: Fix application version link in appversion-summary & bitbucket-sast-report actions (4f40a04)

v2.5.1

2.5.1 (2024-08-14)

Bug Fixes

• fcli fod mast-scan start: Add --platform option as required by current FoD API (7703939)
• fcli fod mast-scan start: Fix description for --file option (7703939)

v2.5.0

2.5.0 (2024-08-13)

Features

• fcli ssc appversion create: Allow for copying attributes & user access (667ba4f)
• FoD: Debricked SBOM Export/Import (resolves #560) (aac8e10)

Bug Fixes

• fcli fod issue list: Add --include option to allow for retrieving fixed and/or suppressed issues (fixes #545) (01c2ac2)
• fcli ssc issue list: Add --include option to allow for retrieving hidden, fixed and/or suppressed issues (318ca98)
• fcli fod action run release-summary fails parsing scan dates (fixes fortify#569) (#570) (9ed8032)
• Fix exception in github-sast-report & sarif-sast-report actions if there are no SAST issues to be processed (01bce49)
• No longer require user credentials on SSC, SC-SAST & SC-DAST logout commands (requires SSC 24.2+) (cb7867b)
• NullPointerException in fcli fod *ast-scan get (fixes #553) (f2eab9c)
• Pass non-default session name to fcli: action statements (fixes #555) (8b762e2)
• Update copyright statement to 2024 (833c607)
• Update release-summary action to include OSS (resolves #561) (aac8e10)
• When authenticating with an SSC authentication token, the SSC, SC-SAST & SC-DAST session commands will now display token expiration date (requires SSC 24.2+) (c2e66bc)
• When authenticating with an SSC authentication token, the SSC, SC-SAST & SC-DAST session login commands will now validate whether the given token is a valid token (c2e66bc)

v1.3.3

1.3.3 (2024-07-30)

Bug Fixes

• Ignore unknown properties returned by FoD 24.3 to avoid fcli exceptions (fixes #566) (df8a9b1)

Development Release - v1.x branch

See Assets section below for latest build artifacts

v2.4.0

2.4.0 (2024-05-17)

Features

• IMPORTANT: From this point forward, the mac binary will be compiled for arm64 (Apple Silicon)
• Add fcli config public-key commands for managing trusted public keys (4dff325)
• Add fcli fod action commands for running a variety of yaml-based actions (4dff325)
• Add fcli fod issue list command (4dff325)
• Add fcli ssc action commands for running a variety of yaml-based actions (4dff325)
• Add fcli ssc issue list command (4dff325)
• Add actions for generating application version/release summary (4dff325)
• Add actions for generating BitBucket, GitHub, GitLab, SARIF and SonarQube vulnerability reports (4dff325)
• Add preview actions for generating GitHub Pull Request comments (4dff325)
• Add sample actions for checking security policy criteria (4dff325)
• Migrate FortifyVulnerabilityExporter functionality to yaml-based fcli actions (4dff325)

Bug Fixes

• fcli ssc appversion create: Command will now fail instead of creating uncommitted application version if the application version specified on --copy-from option does not exist (4dff325)
• FoD: Update wait-for commands to use internal API (closes #526, #500) (4dff325)

v2.3.0

2.3.0 (2024-03-05)

Features

• Add support for configuring proxy settings through conventional environment variables HTTP_PROXY, HTTPS_PROXY, ALL_PROXY & NO_PROXY (used if proxy is not explicitly configured through 'fcli config proxy' commands) (881adbd)

v2.2.0

2.2.0 (2024-02-05)

Features

• fcli fod: Add fcli fod report commands for creating and downloading FoD reports (resolves #263) (5796379)
• fcli fod: Add preview commands for starting and managing DAST Automated scans (db898ee)
• fcli ssc: Add fcli ssc report commands for generating, downloading & managing SSC reports (resolves #205) (60e7855)
• fcli tool: Add fcli tool * install --base-dir option to specify the base directory under which all tools will be installed. By default, fcli will now also install tool invocation scripts in a global <base-dir>/bin directory, unless the --no-global-bin option is specified. This allows for having a single bin-directory on the PATH, while managing the actual tool versions being invoked through the fcli tool * install commands. (e2db51d)
• fcli tool: Add fcli tool * install --uninstall option to remove existing tool installations while installing a new tool version, allowing for easy tool upgrades. (e2db51d)
• fcli tool: Add fcli tool debricked-cli commands for installing Debricked CLI and managing those installations. (e2db51d)
• fcli tool: Add fcli tool definitions commands, allowing tool definitions to be updated to make fcli aware of new tool versions that were released after the current fcli release. Customers may also host customized tool definitions, for example allowing for alternative tool download URLs or restricting the set of tool versions available to end users. (e2db51d)
• fcli tool: Add fcli tool fcli commands for installing Fortify CLI and managing those installations. (e2db51d)
• fcli tool: By default, the fcli tool * install commands will now install tools under the <user.home>/fortify/tools base directory (no dot/hidden directory), instead of <user.home>/.fortify/tools (e2db51d)
• fcli tool: Deprecate fcli tool * install --install-dir option; the new --base-dir option is now preferred as it supports new functionality like global bin-scripts. (e2db51d)

Bug Fixes

• fcli ssc: The --attributes option on fcli ssc appversion * and fcli ssc attribute * commands now supports setting multiple values for an attribute (bd3fd62)

v2.1.0

2.1.0 (2023-11-21)

Features

• fcli ssc appversion create: Add options for copying existing application version (75461db)
• Add fcli ssc appversion copy-state command (75461db)
• Add fcli system-state wait-for-job command (75461db)

Bug Fixes

• rename new SSC_URL PROJECT_VERSION_ACTION-> PROJECT_VERSIONS_ACTION (55178be)