Skip to content
This repository has been archived by the owner on Nov 15, 2023. It is now read-only.

Latest commit

 

History

History
127 lines (85 loc) · 5.19 KB

README.md

File metadata and controls

127 lines (85 loc) · 5.19 KB
Raw

Build status

Please note: this project is no longer maintained - it is recommended to use the Fortify fcli tool instead

Power Shell for Fortify On Demand (FOD) Module

Table of Contents

Overview

This is a PowerShell module that provides command-line interaction and automation for the Fortify On Demand API.

Example

Use Cases

Although the module can be used generically, some use cases where it can be applied include:

  • Programatically importing existing users, applications and releases into FOD. Using PowerShell scripting it is possible to create scripts that pull data from other sources - such as a spreadsheet - and execute the functions in this module.
  • Programatically importing on-premise scans executed using Fortify SCA or Fortify WebInspect.
  • Running Static Scans from third party build tools where a plugin is not currently available.
  • Programatically creating dashboards from FOD data together with data from other sources.

An example dashboard created with this module and PowerShell Universal Dashboard is shown below:

DevSecOps Dashboard

Current API Support

At present, this module can:

  • Authenticate against the FOD API to retrieve and store authentication token
  • Execute a generic FOD API REST command with authentication and rate limiting support
  • Query, add, update and remove Users
  • Query, add, update and remove Applications
  • Query, add, update and remove Releases
  • Query Attributes
  • Query Application, Release and individual Scans
  • Query, add and remove user access to Applications
  • Query, add and remove user group access to Applications
  • Query Vulnerabilities
  • Start Static and Dynamic scans
  • Import on-premise static scans (from Fortify SCA)
  • Import on-premise dynamic scans (from Fortify WebInspect)
  • Export and Import Application Audit Templates
  • Query Open Source Components

Development is ongoing, with the goal to add broad support for the entire API set.

Please read Usage to see how the module can be used to accomplish some example tasks. There are also a number of more detailed scripted Examples.

Installation

You can get the latest release of the PowerShellForFOD from the PowerShell Gallery

Install-Module -Name PowerShellForFOD

Configuration

To access the Fortify On Demand API you need to create an "authentication" token. This module allows the creation and persistence of this token so that it does not need to be passed with each command. To create the token, run the following commands to set your API endpoint, use Username/Password authentication and request a token:

Set-FODConfig -ApiUri https://api.ams.fortify.com -GrantType UsernamePassword -Scope api-tenant
Get-FODToken

You will be requested for your login details, in example you would enter your tenantId\username and password. For more information on how to authenticate please refer to USAGE.

Example

Example command:

Get-FODApplications -Filters "applicationName:test" -Paging | Out-GridView

For more example commands, please refer to USAGE.

Supported Versions

PowerShellForFOD has been tested on PowerShell 5.x (Windows) and PowerShell Core 7.x (Linux). On Windows it should work on any PowerShell version later than 5.x - however if you find any problems please raise an issue.

Developing and Contributing

Please see the Contribution Guide for information on how to develop and contribute.

If you have any problems, please consult GitHub Issues to see if has already been discussed.

Licensing

PowerShellForFOD is licensed under the GNU General Public license.

This is community content provided by and for the benefit of Micro Focus customers, it is not officially endorsed nor supported via Micro Focus Software Support.