Skip to content

Commit

Permalink
fix: Fix GitLab instructions (fixes #30)
Browse files Browse the repository at this point in the history
  • Loading branch information
rsenden committed Jun 21, 2024
1 parent ee02f0c commit efed87d
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions USAGE.md
Original file line number Diff line number Diff line change
Expand Up @@ -428,9 +428,13 @@ The following sections describe how to use the `fortifydocker/fortify-vulnerabil
The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter`
Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from FoD to GitLab.
Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
```
fortify_scanning:
image: fortifydocker/fortify-vulnerability-exporter
image:
name: fortifydocker/fortify-vulnerability-exporter
entrypoint: [""]
variables:
export_config: /config/FoDToGitLab.yml
fod_baseUrl: https://ams.fortify.com
Expand All @@ -440,7 +444,7 @@ fortify_scanning:
fod_release_name: MyApp:MyRelease
# Or use fod_release_id: 1234
script:
- echo Script entry is required but not used
- java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
when: manual
allow_failure: true
artifacts:
Expand All @@ -458,17 +462,21 @@ As described in the [CI/CD Integration](#cicd-integration) section, you can opti
The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from SSC to GitLab.
Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
```
fortify_scanning:
image: fortifydocker/fortify-vulnerability-exporter
image:
name: fortifydocker/fortify-vulnerability-exporter
entrypoint: [""]
variables:
export_config: /config/SSCToGitLab.yml
ssc_baseUrl: ${SSC_BASE_URL}
ssc_authToken: ${SSC_CI_TOKEN_DECODED}
ssc_version_name: MyApp:MyVersion
# Or use ssc_version_id: 1234
script:
- echo Script entry is required but not used
- java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
when: manual
allow_failure: true
artifacts:
Expand Down

0 comments on commit efed87d

Please sign in to comment.