2.9.1 (2024-11-07)
fcli ssc action run appversion-summary
: Add note about removed issue count (0c93649)fcli ssc action run appversion-summary
: Fix exception if application version has artifacts with 0 issues (fixes #633) (c89817d)
2.9.0 (2024-10-30)
fcli fod action run setup-release
: Add support for creating parent application & microservice if not existing (9e3a8fd)fcli fod release create
: Add support for creating parent application & microservice if not existing (576b620)fcli fod release create
: Ignore--copy-from
if equal to release being created (576b620)fcli fod release create
: Ignore--copy-from
if first release on new application (576b620)fcli fod release create
: Throw user-friendly error when trying to copy release from different application (576b620)
- Improve parsing of boolean action parameters (d3b6f4c)
2.8.0 (2024-10-25)
fcli sc-sast scan start
: Add support for passing scan arguments through--sargs
option (resolves #449) (#627) (7920a40)- Add
fcli fod release wait-for
command to wait for release(s) to leave suspended state (resolves #624) (0cdde30)
fcli fod action run setup-release
: AddDevelopment
default value for--sdlc-status
(9a1b1bf)fcli fod action run setup-release
: Wait for release to exit suspended state (07d0914)- Fix fcli command links in action documentation (fixes #622) (fecf423)
2.7.1 (2024-09-27)
- Fix fcli completion script sourcing error (fixes #580) (4ff86f4)
- FoD
release-summary
action: Fix potential SpEL exception for releases with open-source scans enabled (fixes #612) (5260bc8) - Improve synopsis order (fixes #133) (78b530c)
- Show proper syntax for
--store
option in help output (fixes #613) (cac574d)
2.7.0 (2024-09-25)
fcli fod release create
: Support release attributes (fixes fortify#592) (3727329)fcli fod sast-scan setup
: Add--skip-if-exists
option (edcece5)fcli fod sast-scan setup
: Add--use-aviator
option (fixes fortify#594) (013af6f)fcli fod sast-scan setup
: Set--technology-stack
toAuto Detect
by default (fixes #595) (852d7bf)fcli sc-sast scan start
: Add option to select sensor pool for the scan (d071d25)fcli ssc appversion copy-state
: Add--refresh-timeout
option (89cf435)fcli ssc appversion create
: Add--refresh-timeout
option (89cf435)- Add
fcli sc-sast sensor-pool list
command (77fcc1c) - Add FoD setup-release action (4ab86c0)
- Add SSC setup-appversion action (e3a273c)
- FoD & SSC: Add aws-sast-report actions to enable integrating Fortify results with AWS Security Hub (#559) (dc79095)
fcli fod app update
: Ignore release attributes if included in--attrs
option (fixes fortify#604) (e2077b9)fcli fod release create
: Ignore application attributes if included in--attrs
option (fixes fortify#604) (e2077b9)fcli fod release update
: Ignore application attributes if included in--attrs
option (fixes fortify#604) (e2077b9)fcli ssc appversion refresh-metrics
: Allow forfcli state wait-for-job ::var::
to be invoked without errors even if no refresh was required (89cf435)- Increase issue limit for
github-sast-report
to match current GitHub limits (3a2d489)
2.6.0 (2024-09-09)
- Publish fortifydocker/fcli image (c72487d)
fcli fod action run *-sast-report
: Warn instead of fail if scan summary is not (yet) available from FoD (077157f)- FoD: Improve help output for
fcli fod *-scan wait-for
commands (#587) (937baf5) - Work-around for user.home in Docker images (9c6a56c)
2.5.3 (2024-08-30)
2.5.2 (2024-08-21)
- FoD/SSC: Improve
github-pr-comment
action output (694e7ae) - SSC: Fix application version link in
appversion-summary
&bitbucket-sast-report
actions (4f40a04)
2.5.1 (2024-08-14)
fcli fod mast-scan start
: Add--platform
option as required by current FoD API (7703939)fcli fod mast-scan start
: Fix description for--file
option (7703939)
2.5.0 (2024-08-13)
fcli ssc appversion create
: Allow for copying attributes & user access (667ba4f)- FoD: Debricked SBOM Export/Import (resolves #560) (aac8e10)
fcli fod issue list
: Add--include
option to allow for retrievingfixed
and/orsuppressed
issues (fixes #545) (01c2ac2)fcli ssc issue list
: Add--include
option to allow for retrievinghidden
,fixed
and/orsuppressed
issues (318ca98)- fcli fod action run release-summary fails parsing scan dates (fixes fortify#569) (#570) (9ed8032)
- Fix exception in
github-sast-report
&sarif-sast-report
actions if there are no SAST issues to be processed (01bce49) - No longer require user credentials on SSC, SC-SAST & SC-DAST logout commands (requires SSC 24.2+) (cb7867b)
- NullPointerException in
fcli fod *ast-scan get
(fixes #553) (f2eab9c) - Pass non-default session name to fcli: action statements (fixes #555) (8b762e2)
- Update copyright statement to 2024 (833c607)
- Update release-summary action to include OSS (resolves #561) (aac8e10)
- When authenticating with an SSC authentication token, the SSC, SC-SAST & SC-DAST session commands will now display token expiration date (requires SSC 24.2+) (c2e66bc)
- When authenticating with an SSC authentication token, the SSC, SC-SAST & SC-DAST session login commands will now validate whether the given token is a valid token (c2e66bc)
2.4.0 (2024-05-17)
- Add
fcli config public-key
commands for managing trusted public keys (4dff325) - Add
fcli fod action
commands for running a variety of yaml-based actions (4dff325) - Add
fcli fod issue list
command (4dff325) - Add
fcli ssc action
commands for running a variety of yaml-based actions (4dff325) - Add
fcli ssc issue list
command (4dff325) - Add actions for generating application version/release summary (4dff325)
- Add actions for generating BitBucket, GitHub, GitLab, SARIF and SonarQube vulnerability reports (4dff325)
- Add preview actions for generating GitHub Pull Request comments (4dff325)
- Add sample actions for checking security policy criteria (4dff325)
- Migrate FortifyVulnerabilityExporter functionality to yaml-based fcli actions (4dff325)
fcli ssc appversion create
: Command will now fail instead of creating uncommitted application version if the application version specified on--copy-from
option does not exist (4dff325)- FoD: Update
wait-for
commands to use internal API (closes #526, #500) (4dff325)
2.3.0 (2024-03-05)
- Add support for configuring proxy settings through conventional environment variables HTTP_PROXY, HTTPS_PROXY, ALL_PROXY & NO_PROXY (used if proxy is not explicitly configured through 'fcli config proxy' commands) (881adbd)
2.2.0 (2024-02-05)
fcli fod
: Addfcli fod report
commands for creating and downloading FoD reports (resolves #263) (5796379)fcli fod
: Add preview commands for starting and managing DAST Automated scans (db898ee)fcli ssc
: Addfcli ssc report
commands for generating, downloading & managing SSC reports (resolves #205) (60e7855)fcli tool
: Addfcli tool * install --base-dir
option to specify the base directory under which all tools will be installed. By default, fcli will now also install tool invocation scripts in a global<base-dir>/bin
directory, unless the--no-global-bin
option is specified. This allows for having a single bin-directory on thePATH
, while managing the actual tool versions being invoked through thefcli tool * install
commands. (e2db51d)fcli tool
: Addfcli tool * install --uninstall
option to remove existing tool installations while installing a new tool version, allowing for easy tool upgrades. (e2db51d)fcli tool
: Addfcli tool debricked-cli
commands for installing Debricked CLI and managing those installations. (e2db51d)fcli tool
: Addfcli tool definitions
commands, allowing tool definitions to be updated to make fcli aware of new tool versions that were released after the current fcli release. Customers may also host customized tool definitions, for example allowing for alternative tool download URLs or restricting the set of tool versions available to end users. (e2db51d)fcli tool
: Addfcli tool fcli
commands for installing Fortify CLI and managing those installations. (e2db51d)fcli tool
: By default, thefcli tool * install
commands will now install tools under the<user.home>/fortify/tools
base directory (no dot/hidden directory), instead of<user.home>/.fortify/tools
(e2db51d)fcli tool
: Deprecatefcli tool * install --install-dir
option; the new--base-dir
option is now preferred as it supports new functionality like global bin-scripts. (e2db51d)
fcli ssc
: The--attributes
option onfcli ssc appversion *
andfcli ssc attribute *
commands now supports setting multiple values for an attribute (bd3fd62)
2.1.0 (2023-11-21)
fcli ssc appversion create
: Add options for copying existing application version (75461db)- Add
fcli ssc appversion copy-state
command (75461db) - Add
fcli system-state wait-for-job
command (75461db)
- rename new SSC_URL
PROJECT_VERSION_ACTION
->PROJECT_VERSIONS_ACTION
(55178be)
2.0.0 (2023-10-25)
- Core: Most commands/options now use case-sensitive matching to avoid inconsistent behavior between server-side and client-side matching
- Core: Change fcli variable syntax & behavior for easier use
- Core: Change query expression syntax to allow for advanced queries
- Core: Restructure fcli home/data directories. Configuration & session data stored by earlier fcli versions will not be available after upgrading, and will not be automatically removed. It's recommended to manually delete the
~/.fortify/fcli
folder when upgrading, and then use the new fcli version to re-apply configuration settings. - Core: Change environment variable names for better clarity and avoiding conflicts with other Fortify command-line utilities
- Core: The .jar version of fcli now requires Java 17 or higher to run
fcli config
: Restructure command tree & options for consistency & ease of usefcli config
: Move variable-related commands tofcli util
fcli fod
: Restructure existing commands & options for consistency & ease of usefcli sc-dast
: Minor restructuring of command tree & options for consistency & ease of usefcli sc-sast
: Minor restructuring of command options for consistency & ease of usefcli ssc
: Restructure existing commands & options for consistency & ease of usefcli tool
: Minor restructuring of command options for consistency & ease of use
fcli config
: Move variable-related commands tofcli util
(ae7ad75)fcli config
: Restructure command tree & options for consistency & ease of use (ae7ad75)fcli fod
: Fixes, usability improvements & new commands for managing applications, microservices, releases, scans & scan results (ae7ad75)fcli fod
: Move out of preview mode, now officially supported (ae7ad75)fcli fod
: Restructure existing commands & options for consistency & ease of use (ae7ad75)fcli fod
: Various other fixes & usability improvements (ae7ad75)fcli license
: New command, adding support for generating MSP & NCD license usage reports (ae7ad75)fcli sc-dast
: Minor restructuring of command tree & options for consistency & ease of use (ae7ad75)fcli sc-dast
: Various fixes & usability improvements (ae7ad75)fcli sc-sast
: Minor restructuring of command options for consistency & ease of use (ae7ad75)fcli sc-sast
: New command for listing ScanCentral SAST sensors (ae7ad75)fcli sc-sast
: Various fixes & usability improvements (ae7ad75)fcli ssc
: Add support for applying filters on issue counts (ae7ad75)fcli ssc
: Add support for embedding additional data onfcli ssc appversion get/list
commands (ae7ad75)fcli ssc
: New commands for creating local users, refreshing metrics, listing rule packs & listing SSC configuration settings (ae7ad75)fcli ssc
: New commands for managing performance indicators & variables (PREVIEW) (ae7ad75)fcli ssc
: Restructure existing commands & options for consistency & ease of use (ae7ad75)fcli ssc
: Various other fixes & usability improvements (ae7ad75)fcli tool
: Add support for FortifyBugTrackerUtility (ae7ad75)fcli tool
: Improve tool version & digest handling (ae7ad75)fcli tool
: Minor restructuring of command options for consistency & ease of use (ae7ad75)fcli util
: Add variable-related commands (moved fromfcli config
) (ae7ad75)fcli util
: Add various other utility commands (ae7ad75)- Core: Add support for interactive confirmation on commands that require confirmation (ae7ad75)
- Core: Change environment variable names for better clarity and avoiding conflicts with other Fortify command-line utilities (ae7ad75)
- Core: Change fcli variable syntax & behavior for easier use (ae7ad75)
- Core: Change query expression syntax to allow for advanced queries (ae7ad75)
- Core: Restructure fcli home/data directories. Configuration & session data stored by earlier fcli versions will not be available after upgrading, and will not be automatically removed. It's recommended to manually delete the
~/.fortify/fcli
folder when upgrading, and then use the new fcli version to re-apply configuration settings. (ae7ad75) - Core: The .jar version of fcli now requires Java 17 or higher to run (ae7ad75)
- Core: Most commands/options now use case-sensitive matching to avoid inconsistent behavior between server-side and client-side matching (ae7ad75)
- Core: Various bug fixes and many other improvements (ae7ad75)
1.3.2 (2023-10-12)
fcli tool vuln-exporter install
: Add support for latest (2.0.4) version (a44ddc3)
1.3.1 (2023-09-20)
fcli tool sc-client install
: Add support for latest (23.1.0) version (93af1c6)fcli tool vuln-exporter install
: Add support for latest (2.0.3) version (c7d4af6)
1.3.0 (2023-08-18)
- Configurable connect & socket timeout (3015bb5)
1.2.5 (2023-04-07)
fcli tool vuln-exporter install
: Add support for latest (2.0.2) version (e0ce21a)
1.2.4 (2023-04-07)
fcli tool vuln-exporter install
: Add support for latest (2.0.1) version (9c34f73)
1.2.3 (2023-03-09)
fcli ssc appversion-artifact download
: Include externalmetadata.xml in current state FPR download by passing arbitrary clientVersion parameter to SSC (fixes #257) (2694ffe)
1.2.2 (2023-03-05)
fcli tool sc-client install
: Add support for latest (22.2.1) version (38e93eb)
1.2.1 (2023-03-05)
1.2.0 (2023-02-09)
- FoD: Add
fod sast-scan setup
(implements #225) (e556f1e) - FoD: Added functionality for user CRUD (implements #245) (818622a)
- FoD: Added functionality for user group CRUD (implements #246) (818622a)
fcli tool vuln-exporter install
: Add support for latest (2.0.0) version (d7ccaea)
1.1.0 (2023-01-19)
- Add support for configuring custom SSL trust store (fixes #221) (2732e37)
- SSC: Add support for importing Debricked results (e2a6f1e)
fcli * session login
: Improve error output on previous session logout failure (fixes #219) (86b0868)fcli sc-dast session login
: Require SSC credentials to be specified (fixes #223) (ea049ec)fcli sc-sast scan start
:NullPointerException
instead of proper error message if no options provided (fixes #232) (1efa62b)fcli sc-sast session login
: Improve usage help for--client-auth-token
and explicitly check token validity (fixes #230) (ce6324b)fcli sc-sast session login
: Require SSC credentials to be specified (fixes #222) (b252069)- Fix NoSuchFileExceptions if FCLI_HOME or FORTIFY_HOME set to relative directory (fixes #227) (2ef6b21)
- Fix NullPointerException if no module(s) configured for proxy (fixes #228) (11ec6e1)
- Improve help output for
-h
option (fixes #217) (f2e47b0) - Improve output of session commands to provide better consistency with other CRUD commands (fixes #220) (153f96e)
- SSL verification was incorrectly disabled by default and enabled by
-k
option (fixes #231) (7fa56c3)
1.0.5 (2023-01-11)
1.0.4 (2023-01-03)
fcli sc-sast scan start
: Accept both encoded or decoded token for--ssc-ci-token
option (fixes #215) (1c0ba17)- Improve interactive prompts (fixes #213) (ad15067)
1.0.3 (2022-12-22)
fcli config var def list
: Show created date as last accessed date if variable contents haven't been read yet (fixes #207) (302c9ca)fcli sc-dast sensor enable/disable
: Fix HostNotFoundException due to hidden non-ASCII characters in endpoint URI (fixes #212) (ca65080)fcli ssc appversion-vuln count
: Add missing-q
option (fixes #209) (cdb2849)- Better description of default behavior for boolean options (fixes #206) (903c1c4)
- Fix ANSI (color) codes on Windows (05e159e)
1.0.2 (2022-12-16)
1.0.1 (2022-12-15)
fcli ssc app update
: Fix 'application not found' error when updating app name (fixes #166) (f8ebad6)fcli ssc appversion update
: Fix application name not shown in output (fixes #183) (32f130b)fcli ssc appversion update
: Fix exception if no --userdel option is specified (fixes #175) (c7ebb98)fcli ssc appversion-artifact download
:--no-include-sources
now available for both application file and individual FPR download (fixes #173) (216ac2a)fcli ssc appversion-artifact download
: HTTP 500 error when downloading application file (216ac2a)fcli ssc appversion-artifact upload
: Improve usage message for--engine-type
option (fixes #176) (6cc775e)fcli ssc attribute-definition get
: Allow category prefix when specifying guid (fixes #186) (7b02f61)fcli ssc issue-template create
: Display 'Default template=true' if--set-as-default
specified (fixes #180) (6f2101e)fcli ssc issue-template delete
: Fix issue templates not being deleted (fixes #182) (0b55974)fcli ssc issue-template update
: Fix 'issue template not found' error when updating issue template name (fixes #181) (a6002b1)fcli ssc plugin
: Fix "No serializer" errors (fixes #187, fixes #188) (88d8886)fcli ssc role create
: Allow comma-separated list of permission id's (fixes #190) (1426116)fcli ssc role delete
: Fix role not being deleted (fixes #191) (e329c89)fcli ssc token update
: Improve usage message (fixes #177) (8e8b924)fcli ssc token
: Make output more consistent with SSC UI (fixes #194) (35523cc)fcli tool sc-client install
: Add support for latest (22.2.0) version (fixes #179) (dac4b37)
- release 1.0.0 (d983f62)