Skip to content

FAST with Fortify ScanCentral DAST #25

FAST with Fortify ScanCentral DAST

FAST with Fortify ScanCentral DAST #25

Workflow file for this run

# Create GitHub Action Repository Variables for your version of the application:
# FORTIFY_BASE_URL should be the Fortify Base URL (e.g. https://ssc.uat.fortifyhosted.net)
# FORTIFY_PARENT_APPVER_NAME is the Fortify SSC Application Version Name corresponding to the parent branch of any newly created branch, this is typically "main" or "develop"
# FORTIFY_SCANCENTRAL_VERSION is the version of ScanCentral SAST Sensors being used
# Create GitHub Action Secrets for your version of the application:
# FORTIFY_SSC_TOKEN should be an SSC Authorization token (CIToken) obtained from your Fortify tenant.
# FORTIFY_SCSAST_CLIENT_AUTH_TOKEN should be the ScanCentral SAST Client Authentication token for your Fortify tenant.
name: FAST with Fortify ScanCentral DAST
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
runFortifyFAST:
description: 'Run Fortify ScanCentral FAST Scan'
required: false
default: 'true'
# Global environment variables
env:
DEFAULT_APP_NAME: "IWA"
DEFAULT_APP_URL: "https://iwa.onfortify.com"
DEFAULT_PYTHON_VERSION: "3.12.3"
DEFAULT_IMAGE_NAME: "fortifydocker/fortify-fast:24.2.ubuntu.2204"
DEFAULT_CONTAINER_NAME: "fortify-fast"
DEFAULT_FAST_PORT: 8087
DEFAULT_FAST_PROXY: "127.0.0.1:8087"
jobs:
Run-FAST-Scan:
runs-on: ubuntu-latest
if: ${{ (github.event.inputs.runFortifyFAST == 'true') }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
# Fetch at least the immediate parents so that if this is a pull request then we can checkout the head.
fetch-depth: 2
- name: Make envfile
uses: SpicyPizza/[email protected]
with:
envkey_APP_NAME: ${{ env.DEFAULT_APP_NAME }}
envkey_APP_URL: ${{ env.DEFAULT_APP_URL }}
envkey_FAST_PORT: ${{ env.DEFAULT_FAST_PORT }}
envkey_FAST_PROXY: ${{ env.DEFAULT_FAST_PROXY }}
file_name: .env
fail_on_empty: false
sort_keys: false
- name: Start FAST Container
shell: bash
run: |
cat .env
echo "Starting FAST Container"
mkdir -p "$HOME/.fast/certs"
docker run --name $CONTAINER_NAME -d -p ${FAST_PORT}:8087 -v "$HOME/.fast/certs:/etc/fast/certs" --rm $IMAGE_NAME -k -p ${FAST_PORT} -u ${SCANCENTRAL_DAST_API} -CIToken ${SSC_CI_TOKEN} -CICDToken ${SCANCENTRAL_DAST_CICD_TOKEN} -n "IWA FAST Scan"
docker logs $CONTAINER_NAME
env:
IMAGE_NAME: ${{ env.DEFAULT_IMAGE_NAME }}
CONTAINER_NAME: ${{ env.DEFAULT_CONTAINER_NAME }}
FAST_PORT: ${{ env.DEFAULT_FAST_PORT }}
SCANCENTRAL_DAST_API: ${{ vars.FORTIFY_SCDAST_API_URL }}
SSC_CI_TOKEN: ${{ secrets.FORTIFY_SSC_TOKEN }}
SCANCENTRAL_DAST_CICD_TOKEN: ${{ vars.FORTIFY_SCDAST_FAST_CICD_TOKEN }}
- name: Install Chrome
uses: browser-actions/setup-chrome@v1
with:
chrome-version: stable
install-chromedriver: true
id: setup-chrome
#- run: |
# ${{ steps.setup-chrome.outputs.chrome-path }} --version
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ env.DEFAULT_PYTHON_VERSION }}
- name: Install dependencies
run: pip install pytest selenium webdriver-manager pytest-selenium pytest-xdist pytest-md pytest-emoji
- uses: pavelzw/pytest-action@v2
with:
emoji: true
verbose: true
job-summary: true
env:
APP_URL: ${{ env.DEFAULT_APP_URL }}
- name: Stop FAST Container
shell: bash
run: |
echo "Stopping FAST Container"
docker logs $CONTAINER_NAME
docker exec $CONTAINER_NAME fast -p ${FAST_PORT} -s
env:
CONTAINER_NAME: ${{ env.DEFAULT_CONTAINER_NAME }}
FAST_PORT: ${{ env.DEFAULT_FAST_PORT }}
SCANCENTRAL_DAST_API: ${{ vars.FORTIFY_SCDAST_API_URL }}
SSC_CI_TOKEN: ${{ secrets.FORTIFY_SSC_TOKEN }}
SCANCENTRAL_DAST_CICD_TOKEN: ${{ vars.FORTIFY_SCDAST_CICD_TOKEN }}