FAST with Fortify ScanCentral DAST #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Create GitHub Action Repository Variables for your version of the application: | |
# FORTIFY_BASE_URL should be the Fortify Base URL (e.g. https://ssc.uat.fortifyhosted.net) | |
# FORTIFY_PARENT_APPVER_NAME is the Fortify SSC Application Version Name corresponding to the parent branch of any newly created branch, this is typically "main" or "develop" | |
# FORTIFY_SCANCENTRAL_VERSION is the version of ScanCentral SAST Sensors being used | |
# Create GitHub Action Secrets for your version of the application: | |
# FORTIFY_SSC_TOKEN should be an SSC Authorization token (CIToken) obtained from your Fortify tenant. | |
# FORTIFY_SCSAST_CLIENT_AUTH_TOKEN should be the ScanCentral SAST Client Authentication token for your Fortify tenant. | |
name: FAST with Fortify ScanCentral DAST | |
on: | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
runFortifyFAST: | |
description: 'Run Fortify ScanCentral FAST Scan' | |
required: false | |
default: 'true' | |
# Global environment variables | |
env: | |
DEFAULT_APP_NAME: "IWA" | |
DEFAULT_APP_URL: "https://iwa.onfortify.com" | |
DEFAULT_PYTHON_VERSION: "3.12.3" | |
DEFAULT_IMAGE_NAME: "fortifydocker/fortify-fast:24.2.ubuntu.2204" | |
DEFAULT_CONTAINER_NAME: "fortify-fast" | |
DEFAULT_FAST_PORT: 8087 | |
DEFAULT_FAST_PROXY: "127.0.0.1:8087" | |
jobs: | |
Run-FAST-Scan: | |
runs-on: ubuntu-latest | |
if: ${{ (github.event.inputs.runFortifyFAST == 'true') }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
# Fetch at least the immediate parents so that if this is a pull request then we can checkout the head. | |
fetch-depth: 2 | |
- name: Make envfile | |
uses: SpicyPizza/[email protected] | |
with: | |
envkey_APP_NAME: ${{ env.DEFAULT_APP_NAME }} | |
envkey_APP_URL: ${{ env.DEFAULT_APP_URL }} | |
envkey_FAST_PORT: ${{ env.DEFAULT_FAST_PORT }} | |
envkey_FAST_PROXY: ${{ env.DEFAULT_FAST_PROXY }} | |
file_name: .env | |
fail_on_empty: false | |
sort_keys: false | |
- name: Start FAST Container | |
shell: bash | |
run: | | |
cat .env | |
echo "Starting FAST Container" | |
mkdir -p "$HOME/.fast/certs" | |
docker run --name $CONTAINER_NAME -d -p ${FAST_PORT}:8087 -v "$HOME/.fast/certs:/etc/fast/certs" --rm $IMAGE_NAME -k -p ${FAST_PORT} -u ${SCANCENTRAL_DAST_API} -CIToken ${SSC_CI_TOKEN} -CICDToken ${SCANCENTRAL_DAST_CICD_TOKEN} -n "IWA FAST Scan" | |
docker logs $CONTAINER_NAME | |
env: | |
IMAGE_NAME: ${{ env.DEFAULT_IMAGE_NAME }} | |
CONTAINER_NAME: ${{ env.DEFAULT_CONTAINER_NAME }} | |
FAST_PORT: ${{ env.DEFAULT_FAST_PORT }} | |
SCANCENTRAL_DAST_API: ${{ vars.FORTIFY_SCDAST_API_URL }} | |
SSC_CI_TOKEN: ${{ secrets.FORTIFY_SSC_TOKEN }} | |
SCANCENTRAL_DAST_CICD_TOKEN: ${{ vars.FORTIFY_SCDAST_FAST_CICD_TOKEN }} | |
- name: Install Chrome | |
uses: browser-actions/setup-chrome@v1 | |
with: | |
chrome-version: stable | |
install-chromedriver: true | |
id: setup-chrome | |
#- run: | | |
# ${{ steps.setup-chrome.outputs.chrome-path }} --version | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ env.DEFAULT_PYTHON_VERSION }} | |
- name: Install dependencies | |
run: pip install pytest selenium webdriver-manager pytest-selenium pytest-xdist pytest-md pytest-emoji | |
- uses: pavelzw/pytest-action@v2 | |
with: | |
emoji: true | |
verbose: true | |
job-summary: true | |
env: | |
APP_URL: ${{ env.DEFAULT_APP_URL }} | |
- name: Stop FAST Container | |
shell: bash | |
run: | | |
echo "Stopping FAST Container" | |
docker logs $CONTAINER_NAME | |
docker exec $CONTAINER_NAME fast -p ${FAST_PORT} -s | |
env: | |
CONTAINER_NAME: ${{ env.DEFAULT_CONTAINER_NAME }} | |
FAST_PORT: ${{ env.DEFAULT_FAST_PORT }} | |
SCANCENTRAL_DAST_API: ${{ vars.FORTIFY_SCDAST_API_URL }} | |
SSC_CI_TOKEN: ${{ secrets.FORTIFY_SSC_TOKEN }} | |
SCANCENTRAL_DAST_CICD_TOKEN: ${{ vars.FORTIFY_SCDAST_CICD_TOKEN }} |