Releases: sonatype/nexus-iq-fortify-ssc
SonatypeFortifyBundle-4.1.0
Changelog
- Updated Sonatype rulepack to include OWASP Top 10 2021 vulnerabilities
- Restored logfile.location and loglevel properties
- Restored killServer property
- Removed forceUpload. Artifact update is now handled internally
- SSC artifacts will always be updated with every sync, even when no changes have been detected in scan results. This will help provide feedback in SSC about the date/time of the last sync
Deprecation notice: the forceUpload flag is deprecated and has no effect on the process. Reports are always uploaded on every run, whether or not forceUpload is set to true. This flag can safely be omitted from now on when triggering a synchronization.
SonatypeFortifyBundle-4.0.2
Changelog
- Updated to latest log4j version for security purposes
SonatypeFortifyBundle-4.0.1
Changelog
- Architectural improvements
- Performance improvements
- Support for project ids of type long
SonatypeFortifyBundle-3.1
Added support to suppress issues in SSC with an associated waiver in IQ
Added support to unsuppress issues in SSC without an associated waiver in IQ
Two new flags were added. They can be defined in the iqapplication.properties file. A value set there can be overridden by a more specific configuration in the mappings file (for the batch integration) or by sending the value using the integration endpoint. If the value is missing from the mappings or the request, the value present in the properties file is taken as the default.
- forceUpload: Forces the upload of a report even if no changes are detected. Useful when the issues remain the same but the waiver information has changed.
- overwrite: By default, if an issue in SSC was manually suppressed, the integration leaves it untouched even if it does not have a waiver associated with it in IQ. To unsuppress these issues so that they match the waivers in IQ, set this flag to true.