What's New

This release of FortiDevSec includes the following new features.

Feature

Description

C# .NET scanner

Added support for the C# .NET SAST scanner.

FortiDAST plugin

Added FortiDAST plugin support to configure assets/URLs from the FortiDevSec application page or from the new application creation page.

Note: To perform a DAST scan, uncomment the dast configuration in the fdevsec.yaml file even when FortiDAST is configured through the GUI plugin.

SECRET scanner enhancement

Enhanced the SECRET scanner to support detection of the following:

  • Secrets redacted from report

  • Secrets from compressed archives

  • Personally identifiable information

  • Non-inclusive language

SCA scanner enhancement

The following enhancements have been made to the SCA scanner:

  • Enhanced the SBOM generator to detect additional SCA-based vulnerabilities.

  • Added C# .NET language support.

SAST scanner enhancement

Added new and improved custom C and C++ scanners that support non-UTF-8 code bases.

Note: Older C/C++ scan findings are incompatible with this scanner and will no longer be shown.

GitLab CI/CD integration

To enhance the permissions of FortiDevSec scanners, an ENTRYPOINT has been introduced in Docker. However, this change has caused compatibility issues with the Docker executor. Instead, we will be supporting the Shell executor provided by GitLab Runner moving forward.

Please refer to the latest user guide for the updated GitLab CI/CD configuration.

Note: To use the new features, scanner Docker images must be updated to the latest version using the docker pull <image> command.
