Core: Most commands/options now use case-sensitive matching to avoid inconsistent behavior between server-side and client-side matching
Core: Change fcli variable syntax & behavior for easier use
Core: Change query expression syntax to allow for advanced queries
Core: Restructure fcli home/data directories. Configuration & session data stored by earlier fcli versions will not be available after upgrading, and will not be automatically removed. It's recommended to manually delete the ~/.fortify/fcli folder when upgrading, and then use the new fcli version to re-apply configuration settings.
Core: Change environment variable names for better clarity and avoiding conflicts with other Fortify command-line utilities
Core: The .jar version of fcli now requires Java 17 or higher to run
fcli config: Restructure command tree & options for consistency & ease of use
fcli config: Move variable-related commands to fcli util
fcli fod: Restructure existing commands & options for consistency & ease of use
fcli sc-dast: Minor restructuring of command tree & options for consistency & ease of use
fcli sc-sast: Minor restructuring of command options for consistency & ease of use
fcli ssc: Restructure existing commands & options for consistency & ease of use
fcli tool: Minor restructuring of command options for consistency & ease of use
Features
fcli config: Move variable-related commands to fcli util (ae7ad75)
fcli config: Restructure command tree & options for consistency & ease of use (ae7ad75)
fcli fod: Add fcli fod report commands for creating and downloading FoD reports (resolves #263) (5796379)
fcli fod: Add preview commands for starting and managing DAST Automated scans (db898ee)
fcli fod: Fixes, usability improvements & new commands for managing applications, microservices, releases, scans & scan results (ae7ad75)
fcli fod: Move out of preview mode, now officially supported (ae7ad75)
fcli fod: Restructure existing commands & options for consistency & ease of use (ae7ad75)
fcli fod: Various other fixes & usability improvements (ae7ad75)
fcli license: New command, adding support for generating MSP & NCD license usage reports (ae7ad75)
fcli sc-dast: Minor restructuring of command tree & options for consistency & ease of use (ae7ad75)
fcli sc-dast: Various fixes & usability improvements (ae7ad75)
fcli sc-sast: Minor restructuring of command options for consistency & ease of use (ae7ad75)
fcli sc-sast: New command for listing ScanCentral SAST sensors (ae7ad75)
fcli sc-sast: Various fixes & usability improvements (ae7ad75)
fcli ssc appversion create: Add options for copying existing application version (75461db)
fcli ssc appversion create: Allow for copying attributes & user access (667ba4f)
fcli ssc: Add support for applying filters on issue counts (ae7ad75)
fcli ssc: Add support for embedding additional data on fcli ssc appversion get/list commands (ae7ad75)
fcli ssc: New commands for creating local users, refreshing metrics, listing rule packs & listing SSC configuration settings (ae7ad75)
fcli ssc: New commands for managing performance indicators & variables (PREVIEW) (ae7ad75)
fcli ssc: Restructure existing commands & options for consistency & ease of use (ae7ad75)
fcli ssc: Various other fixes & usability improvements (ae7ad75)
fcli tool: Add fcli tool * install --base-dir option to specify the base directory under which all tools will be installed. By default, fcli will now also install tool invocation scripts in a global <base-dir>/bin directory, unless the --no-global-bin option is specified. This allows for having a single bin-directory on the PATH, while managing the actual tool versions being invoked through the fcli tool * install commands. (e2db51d)
fcli tool: Add fcli tool * install --uninstall option to remove existing tool installations while installing a new tool version, allowing for easy tool upgrades. (e2db51d)
fcli tool: Add fcli tool debricked-cli commands for installing Debricked CLI and managing those installations. (e2db51d)
fcli tool: Add fcli tool definitions commands, allowing tool definitions to be updated to make fcli aware of new tool versions that were released after the current fcli release. Customers may also host customized tool definitions, for example allowing for alternative tool download URLs or restricting the set of tool versions available to end users. (e2db51d)
fcli tool: Add fcli tool fcli commands for installing Fortify CLI and managing those installations. (e2db51d)
fcli tool: Add support for FortifyBugTrackerUtility (ae7ad75)
fcli tool: By default, the fcli tool * install commands will now install tools under the <user.home>/fortify/tools base directory (no dot/hidden directory), instead of <user.home>/.fortify/tools (e2db51d)
fcli tool: Deprecate fcli tool * install --install-dir option; the new --base-dir option is now preferred as it supports new functionality like global bin-scripts. (e2db51d)
fcli tool: Improve tool version & digest handling (ae7ad75)
fcli tool: Minor restructuring of command options for consistency & ease of use (ae7ad75)
fcli util: Add variable-related commands (moved from fcli config) (ae7ad75)
fcli util: Add various other utility commands (ae7ad75)
Add fcli config public-key commands for managing trusted public keys (4dff325)
Add fcli fod action commands for running a variety of yaml-based actions (4dff325)
Add actions for generating application version/release summary (4dff325)
Add actions for generating BitBucket, GitHub, GitLab, SARIF and SonarQube vulnerability reports (4dff325)
Add preview actions for generating GitHub Pull Request comments (4dff325)
Add sample actions for checking security policy criteria (4dff325)
Add support for configuring custom SSL trust store (fixes #221) (2732e37)
Add support for configuring proxy settings through conventional environment variables HTTP_PROXY, HTTPS_PROXY, ALL_PROXY & NO_PROXY (used if proxy is not explicitly configured through 'fcli config proxy' commands) (881adbd)
Added functionality for user CRUD (implements #245) (a373560)
Added functionality for user group CRUD (implements #246) (a373560)
Core: Add support for interactive confirmation on commands that require confirmation (ae7ad75)
Core: Change environment variable names for better clarity and avoiding conflicts with other Fortify command-line utilities (ae7ad75)
Core: Change fcli variable syntax & behavior for easier use (ae7ad75)
Core: Change query expression syntax to allow for advanced queries (ae7ad75)
Core: Restructure fcli home/data directories. Configuration & session data stored by earlier fcli versions will not be available after upgrading, and will not be automatically removed. It's recommended to manually delete the ~/.fortify/fcli folder when upgrading, and then use the new fcli version to re-apply configuration settings. (ae7ad75)
Core: The .jar version of fcli now requires Java 17 or higher to run (ae7ad75)
FoD: Add fod sast-scan setup (implements #225) (f7d718d)
FoD: Add fod sast-scan setup (implements #225) (e556f1e)
FoD: Added functionality for user CRUD (implements #245) (818622a)
FoD: Added functionality for user group CRUD (implements #246) (818622a)
fcli config var def list: Show created date as last accessed date if variable contents haven't been read yet (fixes #207) (302c9ca)
fcli fod issue list: Add --include option to allow for retrieving fixed and/or suppressed issues (fixes #545) (01c2ac2)
fcli sc-dast sensor enable/disable: Fix HostNotFoundException due to hidden non-ASCII characters in endpoint URI (fixes #212) (ca65080)
fcli sc-dast session login: Require SSC credentials to be specified (fixes #223) (ea049ec)
fcli sc-sast scan start: NullPointerException instead of proper error message if no options provided (fixes #232) (1efa62b)
fcli sc-sast scan start: Accept both encoded or decoded token for --ssc-ci-token option (fixes #215) (1c0ba17)
fcli sc-sast session login: Improve usage help for --client-auth-token and explicitly check token validity (fixes #230) (ce6324b)
fcli sc-sast session login: Require SSC credentials to be specified (fixes #222) (b252069)
fcli ssc app update: Fix 'application not found' error when updating app name (fixes #166) (f8ebad6)
fcli ssc appversion create: Command will now fail instead of creating uncommitted application version if the application version specified on --copy-from option does not exist (4dff325)
fcli ssc appversion update: Fix application name not shown in output (fixes #183) (32f130b)
fcli ssc appversion update: Fix exception if no --userdel option is specified (fixes #175) (c7ebb98)
fcli ssc appversion-artifact download: --no-include-sources now available for both application file and individual FPR download (fixes #173) (216ac2a)
fcli ssc appversion-artifact download: Include externalmetadata.xml in current state FPR download by passing arbitrary clientVersion parameter to SSC (fixes #257) (2694ffe)
fcli ssc token: Make output more consistent with SSC UI (fixes #194) (35523cc)
fcli ssc: The --attributes option on fcli ssc appversion * and fcli ssc attribute * commands now supports setting multiple values for an attribute (bd3fd62)
fcli tool sc-client install: Add support for latest (22.2.0) version (fixes #179) (dac4b37)
fcli tool sc-client install: Add support for latest (22.2.1) version (38e93eb)
fcli tool sc-client install: Add support for latest (23.1.0) version (93af1c6)
fcli tool vuln-exporter install: Add support for latest (2.0.0) version (d7ccaea)
fcli tool vuln-exporter install: Add support for latest (2.0.1) version (9c34f73)
fcli tool vuln-exporter install: Add support for latest (2.0.2) version (e0ce21a)
fcli tool vuln-exporter install: Add support for latest (2.0.3) version (c7d4af6)
fcli tool vuln-exporter install: Add support for latest (2.0.4) version (a44ddc3)
Better description of default behavior for boolean options (fixes #206) (903c1c4)
Core: Most commands/options now use case-sensitive matching to avoid inconsistent behavior between server-side and client-side matching (ae7ad75)
Core: Various bug fixes and many other improvements (ae7ad75)
Custom trust store ignored by native binaries (fixes #253) (a0af875)
fcli fod action run release-summary fails parsing scan dates (fixes fortify#569) (#570) (9ed8032)
Fix fcli --version not displaying version number in native binaries (fixes #112) (b3b48e6)
Update release-summary action to include OSS (resolves #561) (aac8e10)
When authenticating with an SSC authentication token, the SSC, SC-SAST & SC-DAST session commands will now display token expiration date (requires SSC 24.2+) (c2e66bc)
When authenticating with an SSC authentication token, the SSC, SC-SAST & SC-DAST session login commands will now validate whether the given token is a valid token (c2e66bc)
:robot: I have created a release beep boop
1.2.4 (2024-08-13)
⚠ BREAKING CHANGES
~/.fortify/fclifolder when upgrading, and then use the new fcli version to re-apply configuration settings.fcli config: Restructure command tree & options for consistency & ease of usefcli config: Move variable-related commands tofcli utilfcli fod: Restructure existing commands & options for consistency & ease of usefcli sc-dast: Minor restructuring of command tree & options for consistency & ease of usefcli sc-sast: Minor restructuring of command options for consistency & ease of usefcli ssc: Restructure existing commands & options for consistency & ease of usefcli tool: Minor restructuring of command options for consistency & ease of useFeatures
fcli config: Move variable-related commands tofcli util(ae7ad75)fcli config: Restructure command tree & options for consistency & ease of use (ae7ad75)fcli fod: Addfcli fod reportcommands for creating and downloading FoD reports (resolves #263) (5796379)fcli fod: Add preview commands for starting and managing DAST Automated scans (db898ee)fcli fod: Fixes, usability improvements & new commands for managing applications, microservices, releases, scans & scan results (ae7ad75)fcli fod: Move out of preview mode, now officially supported (ae7ad75)fcli fod: Restructure existing commands & options for consistency & ease of use (ae7ad75)fcli fod: Various other fixes & usability improvements (ae7ad75)fcli license: New command, adding support for generating MSP & NCD license usage reports (ae7ad75)fcli sc-dast: Minor restructuring of command tree & options for consistency & ease of use (ae7ad75)fcli sc-dast: Various fixes & usability improvements (ae7ad75)fcli sc-sast: Minor restructuring of command options for consistency & ease of use (ae7ad75)fcli sc-sast: New command for listing ScanCentral SAST sensors (ae7ad75)fcli sc-sast: Various fixes & usability improvements (ae7ad75)fcli ssc appversion create: Add options for copying existing application version (75461db)fcli ssc appversion create: Allow for copying attributes & user access (667ba4f)fcli ssc: Addfcli ssc reportcommands for generating, downloading & managing SSC reports (resolves #205) (60e7855)fcli ssc: Add support for applying filters on issue counts (ae7ad75)fcli ssc: Add support for embedding additional data onfcli ssc appversion get/listcommands (ae7ad75)fcli ssc: New commands for creating local users, refreshing metrics, listing rule packs & listing SSC configuration settings (ae7ad75)fcli ssc: New commands for managing performance indicators & variables (PREVIEW) (ae7ad75)fcli ssc: Restructure existing commands & options for consistency & ease of use (ae7ad75)fcli ssc: Various other fixes & usability improvements (ae7ad75)fcli tool: Addfcli tool * install --base-diroption to specify the base directory under which all tools will be installed. By default, fcli will now also install tool invocation scripts in a global<base-dir>/bindirectory, unless the--no-global-binoption is specified. This allows for having a single bin-directory on thePATH, while managing the actual tool versions being invoked through thefcli tool * installcommands. (e2db51d)fcli tool: Addfcli tool * install --uninstalloption to remove existing tool installations while installing a new tool version, allowing for easy tool upgrades. (e2db51d)fcli tool: Addfcli tool debricked-clicommands for installing Debricked CLI and managing those installations. (e2db51d)fcli tool: Addfcli tool definitionscommands, allowing tool definitions to be updated to make fcli aware of new tool versions that were released after the current fcli release. Customers may also host customized tool definitions, for example allowing for alternative tool download URLs or restricting the set of tool versions available to end users. (e2db51d)fcli tool: Addfcli tool fclicommands for installing Fortify CLI and managing those installations. (e2db51d)fcli tool: Add support for FortifyBugTrackerUtility (ae7ad75)fcli tool: By default, thefcli tool * installcommands will now install tools under the<user.home>/fortify/toolsbase directory (no dot/hidden directory), instead of<user.home>/.fortify/tools(e2db51d)fcli tool: Deprecatefcli tool * install --install-diroption; the new--base-diroption is now preferred as it supports new functionality like global bin-scripts. (e2db51d)fcli tool: Improve tool version & digest handling (ae7ad75)fcli tool: Minor restructuring of command options for consistency & ease of use (ae7ad75)fcli util: Add variable-related commands (moved fromfcli config) (ae7ad75)fcli util: Add various other utility commands (ae7ad75)fcli config public-keycommands for managing trusted public keys (4dff325)fcli fod actioncommands for running a variety of yaml-based actions (4dff325)fcli fod issue listcommand (4dff325)fcli ssc actioncommands for running a variety of yaml-based actions (4dff325)fcli ssc appversion copy-statecommand (75461db)fcli ssc issue listcommand (4dff325)fcli system-state wait-for-jobcommand (75461db)~/.fortify/fclifolder when upgrading, and then use the new fcli version to re-apply configuration settings. (ae7ad75)fod sast-scan setup(implements #225) (f7d718d)fod sast-scan setup(implements #225) (e556f1e)Bug Fixes
fcli * session login: Improve error output on previous session logout failure (fixes #219) (86b0868)fcli config var def list: Show created date as last accessed date if variable contents haven't been read yet (fixes #207) (302c9ca)fcli fod issue list: Add--includeoption to allow for retrievingfixedand/orsuppressedissues (fixes #545) (01c2ac2)fcli sc-dast sensor enable/disable: Fix HostNotFoundException due to hidden non-ASCII characters in endpoint URI (fixes #212) (ca65080)fcli sc-dast session login: Require SSC credentials to be specified (fixes #223) (ea049ec)fcli sc-sast scan start:NullPointerExceptioninstead of proper error message if no options provided (fixes #232) (1efa62b)fcli sc-sast scan start: Accept both encoded or decoded token for--ssc-ci-tokenoption (fixes #215) (1c0ba17)fcli sc-sast session login: Improve usage help for--client-auth-tokenand explicitly check token validity (fixes #230) (ce6324b)fcli sc-sast session login: Require SSC credentials to be specified (fixes #222) (b252069)fcli ssc app update: Fix 'application not found' error when updating app name (fixes #166) (f8ebad6)fcli ssc appversion create: Command will now fail instead of creating uncommitted application version if the application version specified on--copy-fromoption does not exist (4dff325)fcli ssc appversion update: Fix application name not shown in output (fixes #183) (32f130b)fcli ssc appversion update: Fix exception if no --userdel option is specified (fixes #175) (c7ebb98)fcli ssc appversion-artifact download:--no-include-sourcesnow available for both application file and individual FPR download (fixes #173) (216ac2a)fcli ssc appversion-artifact download: HTTP 500 error when downloading application file (216ac2a)fcli ssc appversion-artifact download: Include externalmetadata.xml in current state FPR download by passing arbitrary clientVersion parameter to SSC (fixes #257) (2694ffe)fcli ssc appversion-artifact upload: Improve usage message for--engine-typeoption (fixes #176) (6cc775e)fcli ssc appversion-vuln count: Add missing-qoption (fixes #209) (cdb2849)fcli ssc attribute-definition get: Allow category prefix when specifying guid (fixes #186) (7b02f61)fcli ssc issue list: Add--includeoption to allow for retrievinghidden,fixedand/orsuppressedissues (318ca98)fcli ssc issue-template create: Display 'Default template=true' if--set-as-defaultspecified (fixes #180) (6f2101e)fcli ssc issue-template delete: Fix issue templates not being deleted (fixes #182) (0b55974)fcli ssc issue-template update: Fix 'issue template not found' error when updating issue template name (fixes #181) (a6002b1)fcli ssc plugin: Fix "No serializer" errors (fixes #187, fixes #188) (88d8886)fcli ssc role create: Allow comma-separated list of permission id's (fixes #190) (1426116)fcli ssc role delete: Fix role not being deleted (fixes #191) (e329c89)fcli ssc token update: Improve usage message (fixes #177) (8e8b924)fcli ssc token: Make output more consistent with SSC UI (fixes #194) (35523cc)fcli ssc: The--attributesoption onfcli ssc appversion *andfcli ssc attribute *commands now supports setting multiple values for an attribute (bd3fd62)fcli tool sc-client install: Add support for latest (22.2.0) version (fixes #179) (dac4b37)fcli tool sc-client install: Add support for latest (22.2.1) version (38e93eb)fcli tool sc-client install: Add support for latest (23.1.0) version (93af1c6)fcli tool vuln-exporter install: Add support for latest (2.0.0) version (d7ccaea)fcli tool vuln-exporter install: Add support for latest (2.0.1) version (9c34f73)fcli tool vuln-exporter install: Add support for latest (2.0.2) version (e0ce21a)fcli tool vuln-exporter install: Add support for latest (2.0.3) version (c7d4af6)fcli tool vuln-exporter install: Add support for latest (2.0.4) version (a44ddc3)fcli --versionnot displaying version number in native binaries (fixes #112) (b3b48e6)github-sast-report&sarif-sast-reportactions if there are no SAST issues to be processed (01bce49)wait-forcommands to use internal API (closes #526, #500) (4dff325)-hoption (fixes #217) (f2e47b0)fcli fod *ast-scan get(fixes #553) (f2eab9c)PROJECT_VERSION_ACTION->PROJECT_VERSIONS_ACTION(55178be)-koption (fixes #231) (7fa56c3)Miscellaneous Chores
This PR was generated with Release Please. See documentation.