Development Release - doc/ci-updates branch

See Assets section below for latest build artifacts

Development Release - dev/v3.x branch

See Assets section below for latest build artifacts

Development Release - refactor/ci-rest-helpers branch

See Assets section below for latest build artifacts

v3.14.3

3.14.3 (2026-01-21)

Bug Fixes

• Only mask values that are not blank and longer than 4 characters (as short values are not considered secure/sensitive and are more likely to interfere with regular output), to avoid unexpected masking in log & console output (fixes #904) (fac5538)

v3.14

Semantic version release for v3.14.3

v3

Semantic version release for v3.14.3

latest

Semantic version release for v3.14.3

v3.14.2

3.14.2 (2025-12-24)

Bug Fixes

• Update dependencies (aeab071)
• Update MCP SDK to avoid VS Code Copilot plugin errors (aeab071)

v3.14.1

3.14.1 (2025-12-19)

Bug Fixes

• ci action: Write job summary to GitHub Actions job summary (9688fc6)
• Action framework: Return proper exit code as set by exit instruction (4a44f45)

v3.14.0

3.14.0 (2025-12-18)

Features

• fcli tool * get: New commands for displaying detailed information about a specific installed tool version (737f39a)
• fcli tool * install: Add hidden --copy-if-matching option (internal use by fcli tool env init) to copy from existing installation instead of downloading (737f39a)
• fcli tool * install: Tool installations now show action status (installed/copied/registered/skipped) for better visibility (737f39a)
• fcli tool * register: New commands for registering existing tool installations with automatic version detection (supports binary path, bin directory, or installation directory) (737f39a)
• fcli tool definitions update: Add --force option to update definitions even if they are up-to-date (737f39a)
• fcli tool definitions update: Add --max-age option to only update definitions if older than specified period (e.g., 1h, 4h, 1d) (737f39a)
• fcli tool env init: New command for automatically setting up one or more Fortify tools (auto-detects pre-installed tools, downloads if necessary, supports air-gapped environments, and platform-specific tool caching) (737f39a)
• fcli tool env shell|powershell|github|gitlab|ado|expr: New commands for generating environment variable exports for installed or registered tools in various shell or CI/CD-specific formats (737f39a)
• fcli tool sc-client install: Add --jre option to specify custom JRE home directory for use with fcli tool sc-client run command (737f39a)
• fcli tool sc-client install: Improve JRE handling with automatic detection from environment variables (SC_CLIENT_JRE_HOME, SCANCENTRAL_JRE_HOME) (737f39a)
• Action SpEL functions: Add #opt(name, value) function for conditionally formatting command-line options (737f39a)
• Add fcli state persistency information in help output and 'session not found' errors when running in Docker containers (7c72c8a)
• Add UBI9 images for fortifydocker/fcli (b26962d)
• fcli ci action: Add support for PREINSTALLED environment variable to require all tools to be pre-installed, preventing automatic downloads (737f39a)
• fcli ci action: Add support for pre-installed tools via SC_CLIENT_HOME and DEBRICKED_HOME environment variables, complementing existing dynamic installation (737f39a)
• fcli debricked-scan action: Change default --cli-version from latest to auto for smarter version resolution (737f39a)
• fcli debricked-scan action: Simplify tool setup by using fcli tool env init instead of separate update/install steps (737f39a)
• fcli detect-env action: Renamed from ci-vars and updated to provide general environment detection capabilities (CI platform, Git repository, ...) (737f39a)
• fcli package action: Change default --sc-client-version from latest to auto for smarter version resolution (737f39a)
• fcli package action: Simplify tool setup by using fcli tool env init instead of separate update/install steps (737f39a)
• Publish shell-based UBI9 variant of fortifydocker/fcli to allow for interactive use (7c72c8a)

Bug Fixes

• fcli * action sign: Remove ability to generate private key to avoid the use of weak encryption algorithms (d04e38a)
• fcli aviator: Correct filtering logic to prevent valid issues from being skipped during audit (dd253b5)
• fcli aviator: Ensure consistent file hash generation across different builds (dd253b5)
• fcli fod sast-scan setup: Keep existing settings for "aviator" and "oss" unless explicit --[no-]oss or --[no-]use-aviator specified (fixes #885) (649cd88)
• fcli ssc session login: Fail with proper error if supplied token is invalid (09ce146)
• fcli ci action: Post-scan tasks (check-policy, release-summary, pr-comment, export) are now properly skipped if no scans were run (737f39a)
• fcli debricked-scan action: Mask Debricked token in console output (b28d342)
• fcli debricked-scan action: Show Debricked output both on successful run and in case of errors (b28d342)
• Improve error handling and error output (737f39a)