Development Release - dev/v3.x branch

See Assets section below for latest build artifacts

v3.18.0

3.18.0 (2026-04-22)

Features

• fcli fod * list: Add --fetch option on most list commands to fetch subset of records from FoD (2bba9c5)
• fcli fod session list: Add --validate option to check validity of FoD OAuth token (525e13f)
• fcli sc-dast * list: Add --fetch option on most list commands to fetch subset of records from ScanCentral DAST (2bba9c5)
• fcli sc-sast * list: Add --fetch option on some list commands that utilize SSC REST endpoints to fetch subset of records from SSC (2bba9c5)
• fcli ssc * list: Add --fetch option on most list commands to fetch subset of records from SSC (2bba9c5)
• fcli ssc session list: Add --validate option to check and update session data based on current SSC token state (token deleted, expiry date changed, ...) (525e13f)
• fcli ssc tag: Add --[no-]extensible option to create and update commands (d92c7bd)
• fcli util all-commands list: Enrich output with module category (PRODUCT/CONFIG/UTIL) and session requirement metadata (f64243e)
• fcli util mcp-server start: --module option is now optional (at least one of --module or --import must be specified) (f64243e)
• fcli util mcp-server start: Add --import option for importing action YAML files, exposing exported action functions as MCP tools or resource templates (f64243e)
• fcli util mcp-server start: Support MCP resource templates via function meta.mcp.resource metadata (f64243e)
• fcli util rpc-server start: New JSON-RPC server command for programmatic fcli access (hidden, for internal use only for now) (f64243e)
• fcli --style option: Add [no-]envelope style for various output formats like JSON and YAML to allow for outputting paging and potentially other metadata (2bba9c5)
• fcli action framework: Add #fcli.listCommands(), #fcli.listCommands(query), #fcli.getCommandSpec(command), and #fcli.getCommandArgs(command) SpEL functions for querying available fcli commands from within action YAML (f64243e)
• fcli action framework: Add fn.yield step for emitting records from streaming functions, with automatic consumer termination detection (f64243e)
• fcli action framework: Add functions support — define reusable functions in action YAML with typed arguments, return values, and streaming (lazy fn.yield) capabilities; invoke via #fn.call('name', args...) SpEL function (f64243e)
• fcli action framework: Add sleep step for pausing execution for a SpEL-evaluated duration in milliseconds (f64243e)
• fcli action framework: Add with.product step for establishing product context (SSC/FoD) within action steps, making product-specific SpEL functions and REST targets available without running product-specific action commands (f64243e)
• fcli action framework: Emit <key>.metadata variable on run.fcli instructions to allow actions to access paging and potentially other metadata produced by the fcli command (2bba9c5)

Bug Fixes

• fcli aviator ssc audit: Improve filter set handling (#981) (c23d9e1)
• fcli fod dast-scan get-config: Fix NullPointerException when DAST Automated scan has not been configured (7e84eee)
• fcli fod dast-scan setup-*: Improve error messaging with information on locked settings. (7e84eee)
• fcli util mcp-server start: Fix option required reporting for options inside optional argument groups (f64243e)
• Fix potential concurrent modification of global values in multi-threaded contexts (e.g., async jobs in RPC/MCP servers) (f64243e)
• Fix some potential issues related to fcli stdio handling (f64243e)

v3.18

Semantic version release for v3.18.0

v3

Semantic version release for v3.18.0

latest

Semantic version release for v3.18.0

v3.17.0

3.17.0 (2026-04-10)

Features

• fcli aviator entitlement list-dast: New command for querying DAST entitlements (credit-based model) (8521a9f)
• fcli aviator entitlement list-sast: New command for querying SAST entitlements (8521a9f)
• fcli aviator entitlement list: Deprecated; use fcli aviator entitlement list-sast instead (8521a9f)
• fcli aviator ssc apply-remediations: Add --latest, --all, --since, --av options for easier selection of Aviator-processed artifacts (8521a9f)
• fcli aviator ssc audit : Add --folder-priority-order option to prioritize folder for issues selection if open issues exceed aviator app quota (8521a9f)
• fcli aviator ssc audit: Add --skip-if-exceeding-quota option to skip audits if open issues exceed aviator app quota (8521a9f)
• fcli aviator ssc audit: Add --test-exceeding-quota option for dry-run mode to report potential skips without auditing if open issues exceed aviator app quota (8521a9f)
• fcli fod aviator apply-remediations: New command for applying Aviator remediations from Fortify on Demand (8521a9f)
• fcli sc-dast scan delete: Add --force option to request forced deletion (0fb8a4d)
• SSC bulkaudit action: Add --aviator-app-mapping option to control SSC app/version to Aviator application mapping (8521a9f)

Bug Fixes

• fcli aviator ssc audit: Reduce memory consumption while parsing FPR files (8521a9f)
• fcli fod access-control: Throw exception if invalid role is specified on create-user or update-user commands (c0fb907)
• fcli fod: Fix loading of attribute definitions on FoD 26.2+ (5af0833)
• fcli fod: Use default attribute values from FoD 26.2+ if available for --auto-required-attrs (#969) (fd0fefd)
• fcli ssc * list: Improve server-side query generation to support matches operator (eb1170d)
• fcli util mcp-server start: Expose fcli ssc issue update command (10ce4bc)
• fcli util mcp-server start: Improve server-side query generation/handling (eb1170d)
• Fix duplicate HTTP request headers (427e929)
• Implement exponential back-off retry strategy on HTTP 502/503 errors for GET requests to SSC, SC-DAST, SC-DAST, and FoD (45a47ca)

v3.17

Semantic version release for v3.17.0

Development Release - feat/v3.x/aviator/26.2 branch

See Assets section below for latest build artifacts

v3.16.0

3.16.0 (2026-03-24)

Features

• fcli fod dast-scan start: Add --vpn option to select Fortify Connect network name (0d66c01)
• fcli fod oss-scan download-latest: Add --format option to support selecting CycloneDX or SPDX SBOM formats (dee92ef)
• fcli fod oss-scan download: Add --format option to support selecting CycloneDX or SPDX SBOM formats (dee92ef)
• fcli fod sast-scan import-sarf: new command to support importing SAST scan results in SARIF format (dee92ef)
• fcli ssc access-control update-local-user: New command for updating a local SSC user (0809f3a)
• fcli ssc issue update: New command for updating/auditing SSC issues (f33d814)
• fcli tool sourceanalyzer: New commands to register pre-installed sourceanalyzer installation, and running sourceanalyzer and rule pack update commands (e5d9e98)

Bug Fixes

• fcli action run ci: Use ephemeral encryption key for sensitive (session) files (fixes #949) (5b7c085)
• fcli fod dast-scan start: Fix DAST scan not starting first time when using fcli (fixes #917) (0d66c01)
• fcli fod microservice create: Disallow microservice creation on non-microservice application (fixes #873) (0d66c01)
• fcli tool sc-client install: Fix --with-jre option being ignored (8db476c)
• fcli action framework: Clear progress before writing checks output (be3c1ae)
• fcli action framework: Return exit code 100 for FAIL status on check instructions (fixes #950) (8467063)
• Fix ANSI color output on Windows (7111525)
• Fix multithreading issues (fixes #925) (4cfd2dd)

v3.16

Semantic version release for v3.16.0