Development Release - dev/v3.x branch

See Assets section below for latest build artifacts

v3.15.0

3.15.0 (2026-02-22)

Features

• bitbucket-*-report actions: Add --publish option to publish reports directly to BitBucket (only available when running in BitBucket pipeline) (edbe841)
• fcli fod issue update: Add --attributes option to allow for updating custom attributes (371947b)
• fcli license ncd-report create: Make projects configuration setting optional, iterating over all projects in organization by default (edbe841)
• fcli sc-sast sensor list: Add --appversion option for listing sensors for the pool to which the given application version is mapped (edbe841)
• fcli sc-sast sensor list: Add --latest-only option to only return the latest sensor version (edbe841)
• fcli sc-sast sensor list: Add --pool option for listing sensors for a specific pool (edbe841)
• fcli sc-sast sensor list: Add compatibleClientVersion to output (edbe841)
• fcli tool env *: Add --output-as option for ado, github, gitlab commands (3de393c)
• fcli tool env init: Produce output through fcli output framework to support standard fcli output (format) options and allow other fcli commands or external tools to programmatically process the output (edbe841)
• fcli tool env init: Support fcli:self and fcli:bootstrapped tool specifiers to register current (bootstrapped) fcli path (mostly meant for testing purposes) (edbe841)
• github-*-report actions: Add --publish option to publish reports directly to GitHub (only available when running in GitHub Actions workflow) (edbe841)
• gitlab-*-report actions: Add --publish option to publish reports directly to GitLab (only available when running in GitLab pipeline) (edbe841)
• Documentation: Add comprehensive fcli-based CI integration documentation for GitHub, GitLab, and Azure DevOps (b936989)
• Documentation: Add simplified installation & upgrade instructions based on @fortify/setup NPM component (b936989)
• fcli action framework: out.write instruction now automatically creates non-existing parent directories (b936989)
• fcli action framework: Add docRenderer().* SpEL functions (internal use only) (b936989)
• fcli action framework: Add on.fail & on.success handling to all step instructions (cb653b5)
• fcli action framework: Add CI-specific SpEL functions to allow fcli actions to auto-detect current CI system, upload security reports, add PR/MR comments, ... (edbe841)
• fcli actions framework: Allow cause to be specified on throw and log.* instructions (7d6c4e9)
• fcli actions framework: Replace nested steps instructions with do instructions for consistency (cc922da)
• FoD ci action: Add COPY_FROM_RELEASE convenience environment variable (f7356fe)
• FoD ci action: Add DO_AVIATOR_AUDIT convenience environment variable (f7356fe)
• FoD ci action: Add DO_SCA_SCAN convenience environment variable (f7356fe)
• FoD ci action: Add OVERRIDE_SAST_SETTINGS environment variable to override existing scan settings (f7356fe)
• FoD ci action: Add SAST_ASSESSMENT_TYPE convenience environment variable (f7356fe)
• FoD package action: Auto-detect whether -oss option needs to be passed based on SAST scan settings (6fd2957)
• FoD setup-release action: Add --override-sast-settings CLI option (f7356fe)
• FoD/SSC github-sast-report action: Publish Fortify issues either through SARIF file or as check run annotations depending on availability of GitHub Advanced Security Code Scanning features (afcad35)
• SSC package action: Auto-detect compatible ScanCentral Client version for packaging (if no explicit version configured by user) (edbe841)

Bug Fixes

• ci action: Skip PR comment if enabled but current run is not for a PR (b61c483)
• fcli * action run: Fix option parsing to better handle boolean flags (ba8d804)
• fcli tool * register: Fix registration of unknown tool versions from user-provided path (edbe841)
• fcli tool env init: Fix registration of unknown tool versions from user-provided path (edbe841)
• fcli tool sc-client install: Improve JRE detection (a9f3146)
• fcli tool sc-client install: Install Alpine-compatible JRE if on Alpine (f632a4d)
• fcli action framework: #join SpEL function: Improve support for multiple newline/tab characters in separator (b936989)
• fcli action framework: Fix output of log.info and log.warn instructions (edbe841)
• FoD/SSC *-report actions: Report issue file paths relative to workspace directory instead of SOURCE_DIR (afcad35)

v3.15

Semantic version release for v3.15.0

v3

Semantic version release for v3.15.0

latest

Semantic version release for v3.15.0

Development Release - doc/ci-updates branch

See Assets section below for latest build artifacts

Development Release - refactor/ci-rest-helpers branch

See Assets section below for latest build artifacts

v3.14.3

3.14.3 (2026-01-21)

Bug Fixes

• Only mask values that are not blank and longer than 4 characters (as short values are not considered secure/sensitive and are more likely to interfere with regular output), to avoid unexpected masking in log & console output (fixes #904) (fac5538)

v3.14

Semantic version release for v3.14.3

v3.14.2

3.14.2 (2025-12-24)

Bug Fixes

• Update dependencies (aeab071)
• Update MCP SDK to avoid VS Code Copilot plugin errors (aeab071)