Micro Focus Fortify Software, Version 21.2.0

Release Notes


Document Release Date: November 2021, Latest Update 2/14/2022
Software Release Date: November 2021

IN THIS RELEASE

This document provides installation and upgrade notes, known issues, and workarounds that apply to release 21.2.0 of the Fortify product suite.

This information is not available elsewhere in the product documentation. For information on new features in this release, see What's New in Micro Focus Fortify Software 21.2.0, which is downloadable from the Micro Focus Product Documentation website:

https://www.microfocus.com/support/documentation.

FORTIFY DOCUMENTATION UPDATES

Accessing Fortify Documentation

The Fortify Software documentation set contains installation, user, and deployment guides. In addition, you will find technical notes and release notes that describe new features, known issues, and last-minute updates. You can access the latest HTML or PDF versions of these documents from the Micro Focus Product Documentation website:

https://www.microfocus.com/support/documentation.

If you have trouble accessing our documentation, please contact Fortify Customer Support.

INSTALLATION AND UPGRADE NOTES

Complete instructions for installing Fortify Software products are provided in the documentation for each product.

Fortify ScanCentral SAST

The ScanCentral SAST client must be installed on a machine with a Java 11 runtime.

Updating Security Content after a Fortify Software Security Center Upgrade

If you have upgraded your Fortify Software Security Center instance but you do not have the latest security content (Rulepacks and external metadata), some generated reports (related to 2011 CWE) might fail to produce accurate results. To solve this issue, update the security content. For instructions, see the Micro Focus Fortify Software Security Center User Guide.


USAGE NOTES FOR THIS RELEASE

There is a landing page (https://fortify.github.io/) for our consolidated (Fortify on Demand + Fortify On-Premise) GitHub repository. It contains links to engineering documentation and the code to several projects, including a parser sample, our plugin framework, and our JavaScript Sandbox Project.

Fortify Static Code Analyzer

The solution for projects that fall into these specific circumstances is to ensure that all dependencies are explicitly present in the classpath provided to sourceanalyzer.

Fortify Software Security Center

Fortify ScanCentral SAST

Fortify WebInspect, Fortify WebInspect Enterprise, and Fortify ScanCentral DAST

NOTE: The release date for WebInspect Enterprise version 21.2.0 is scheduled for the latter half of December 2021.

Fortify License and Infrastructure Manager

·  Existing License and Infrastructure Manager (LIM) users who want to use concurrent licensing for Fortify Static Code Analyzer must upgrade to LIM 21.2.0. Earlier versions of LIM do not support licensing for Fortify Static Code Analyzer.

KNOWN ISSUES

The following are known problems and limitations in Fortify Software 21.2.0. The problems are grouped according to the product area affected.

Fortify Software Security Center

This release has the following issues:

·  By default, Micro Focus Fortify Software Security Center blocks uploaded speed dial analysis results performed with a precision level less than four (full scan). However, you can configure your Fortify Software Security Center application version to process speed dial analysis results. To allow speed dial analysis results to be uploaded to Fortify Software Security Center, clear the “Ignore SCA scans performed in Quick Scan” processing rule for your application version. Once you have made a choice between uploading a full scan or speed dial analysis results, Fortify recommends that future scan results for the application version be of the same type.

Fortify ScanCentral SAST

Fortify Static Code Analyzer

This release has the following issues:

Fortify Audit Workbench, Secure Code Plugins, and Tools

This release has the following issues:

Fortify ScanCentral DAST

This release has the following issue:

NOTICES OF PLANNED CHANGES

Note: For a list of technologies that will lose support in the next release, please see the “Technologies to Lose Support in the Next Release” topic in the Micro Focus Fortify Software System Requirements document. This section relates to features that will change or be removed in the near future.

Fortify Software Security Center

Fortify Static Code Analyzer

Fortify Audit Workbench, Secure Code Plugins, and Tools

Fortify WebInspect

FEATURES NOT SUPPORTED IN THIS RELEASE

The following features will no longer be supported in the next release. Features that are identified as deprecated represent features that are no longer recommended for use. In most cases, the deprecated item will be removed from the product in a future release. Fortify recommends that you remove the deprecated feature from your workflow at your earliest convenience.

Note: For a list of technologies that are no longer supported in this release, please see the “Technologies no Longer Supported in this Release” topic in the Micro Focus Fortify Software System Requirements document. This list only includes features that have lost support in this release.

SUPPORT

If you have questions or comments about using this product, contact Micro Focus Fortify Customer Support using the following option.

To Manage Your Support Cases, Acquire Licenses, and Manage Your Account: https://www.microfocus.com/support.

LEGAL NOTICES

© Copyright 2021 Micro Focus or one of its affiliates.

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. 

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.