Changelog
Version 5.1.0 (September 11, 2024)
- Fortify Application ID can now be used to map JSON instead of the application name
- Added support for synchronizing all violation categories, not only security
- Uploads of reports generated by continuous monitoring will be skipped if the data is identical to the previously uploaded report
- Fortify Audit Details are now clickable links for Fortify versions 23.0 and later
- Included license information for the report in the synchronized artifact. This can be configured via the include.license.information property
Version 5.0.1 (May 22, 2024)
- Resolved issue that sometimes caused a Null Pointer Exception during synchronization of violations for custom policies
Version 5.0.0 (Apr 22, 2024)
- Consolidated artifact and suppression upload into a single call
Version 4.3.1 (Feb 22, 2024)
- Memory usage optimizations
Version 4.3.0 (Oct 27, 2023)
- Memory usage optimizations
Version 4.2.13 (Aug 22, 2023)
- Added a new endpoint for triggering synchronization for a given project on-demand
Version 4.2.12 (Jun 26, 2023)
- Fixed CVSS scores when only the Sonatype CVSS score exists
Version 4.2.11 (Jun 20, 2023)
- Fixed a bug where CVSS scores were printed in the wrong fields
- Enhanced Logging
Version 4.2.10 (May 24, 2023)
- Bug fix related to fetching most recent report from the IQ Server
- Overall performance improvements
Version 4.2.9 (May 2, 2023)
- Bug fix for fetching all issues from Fortify SSC
Version 4.2.8 (Mar 6, 2023)
- Addition of configuration flag loadfile.cache which can be set to false to prevent IQ reports from being cached
Version 4.2.7 (Feb 13, 2023)
- Performance Improvements: mapping files are now processed in parallel and the process is now up to 10x faster
Version 4.2.6 (Nov 29, 2022)
- Handled null pointer exceptions caused by potentially null fields found while scanning composer format components
Version 4.2.5 (Oct 12, 2022)
- Allow blanks and special characters in names of Fortify application mappings
Version 4.2.4 (Oct 7, 2022)
- Updated artifact upload logic to upload when:
  - An external policy evaluation is triggered, e.g. via IQ CLI or CI pipelines
  - Continuous monitoring identifies a new policy violation
Version 4.2.3 (Sep 26, 2022)
- Reduced log verbosity of non-fatal errors
Version 4.2.2 (Aug 12, 2022)
- The IQ Fortify SSC Integration works with a large number of applications (bug fix)
- The IQ Fortify SSC Integration is compatible with Fortify SSC 22.1.2
Version 4.2.0 (Apr 7, 2022)
- Skip upload to SSC for reports generated by Continuous Monitoring (unless changes are detected)
- Improved logs to make them less verbose and easier to read
- Added support to read login credentials from environment variables
- Added support for synchronization with IQ Webhooks
- Updated Spring Boot from version 2.5.6 to 2.6.6 in response to CVE-2022-22965
Version 4.1.0 (Feb 24, 2022)
- Updated Sonatype rulepack to include OWASP Top 10 2021 vulnerabilities
- Restored logfile.location and loglevel properties
- Restored killServer property
- Removed forceUpload - artifact update is now handled internally
- SSC artifacts will always be updated with every sync, even when no changes have been detected in scan results
- Deprecation notice: the forceUpload flag is deprecated and has no effect on the process
Version 4.0.2 (Dec 20, 2021)
- Updated to the latest Log4j version for security purposes
Version 4.0.1 (Dec 17, 2021)
- Architectural improvements
- Performance improvements
- Support for project IDs of type long