A unified script that integrates Fortify SAST with remote scanning for all CIs and provides Jira Integration.
Before you can run the script, ensure you have the following prerequisites set up:
- Scancentral Client: Install the Scancentral client and ensure it's added to your environment path.
- FCLI: Install the Fortify Command Line Interface (FCLI) and ensure it's added to your environment path.
- FortifyBugtrackerutility: Install the Fortify Bug Tracker Utility.
- Python: Ensure you have Python 3 installed.
- PIP: Ensure you have PIP installed.
- Python Decouple: Install the
python-decouplepackage using PIP: pip install python-decouple
Configuration Create a .env file in the same directory as your script. Add all necessary configurations to the .env file. For example: SSC_URL=your_ssc_url SSC_TOKEN=your_ssc_token ...
Running the Script Navigate to the directory containing the script. Run the script using Python:
python your_script_name.py
Understanding the Script The script performs the following steps:
- Fetches configuration values from the .env file.
- Creates a package using Scancentral.
- Logs in to SSC and SC-SAST.
- Starts a SAST scan using FCLI and retrieves the job token.
- Monitors the scan status until completion.
- Waits for Fortify SSC to process the scan results.
- Uploads issues to Jira.
- Queries the application using FCLI to get the count of issues based on severity.
- Check the issue counts against predefined limits to determine if the build obtains security clearance.
Troubleshooting Ensure all prerequisites are correctly installed and paths are set. Ensure the .env file contains all the necessary configurations and is located in the same directory as the script. Check the error messages printed by the script for more specific troubleshooting steps. **