Sarif - any way to parameterize the output file name? #74

Open
bwitonskiOT opened this issue May 23, 2024 · 0 comments

Opening issue on behalf of Nikola Aleksandrov [email protected] and ValueEdge ticket 11A1620012:

Hello team,

If we use the option "SSCToGitHub", the SARIF output is generated with the output file name "gh-fortify-sast.sarif". This is fine and it is working as expected.

The output file name is hard-coded inside the file ".\config\SSCToGitHub.yml", as shown below:

...

sarif.output: ${export.dir}/gh-fortify-sast.sarif

...

Is there any way to parameterize the output file name?

The scenario will be like below:

PROJECTNAME="WebGoat"

Start loop for each VERSION in: "10, 20, 30, 40, 50"

Generate SARIF: java -jar FortifyVulnerabilityExporter.jar SSCToGitHub --ssc.baseUrl= --ssc.user= --ssc.password= --ssc.version.name="${PROJECTNAME}:${VERSION}"

Hint: the output file name should be generated with the name ${PROJECTNAME}_${VERSION}.sarif

End loop

After the loop, the below SARIF files should be created in the current folder.

WebGoat_10.sarif

WebGoat_20.sarif

WebGoat_30.sarif

WebGoat_40.sarif

WebGoat_50.sarif

Is it possible?
