From 5e5b61ebac5feb8fa89c9dd95aa19b7b1c55c6b7 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Fri, 27 Sep 2024 10:44:01 -0400
Subject: [PATCH 01/15] Update fortify.yml with Fortify AST action v1.3

---
 .github/workflows/fortify.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 7bd7ee8..de4d2b7 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -50,6 +50,9 @@ jobs:
 FOD_TENANT: ${{secrets.FOD_TENANT}}
 FOD_USER: ${{secrets.FOD_USER}}
 FOD_PASSWORD: ${{secrets.FOD_PAT}}
- FOD_RELEASE: ${{ secrets.FOD_RELEASE_ID }}
+ #FOD_RELEASE: ${{ secrets.FOD_RELEASE_ID }}
 EXTRA_PACKAGE_OPTS: -oss
 DO_EXPORT: true
+ DO_SETUP: true
+ DO_JOB_SUMMARY: true
+ DO_PR_COMMENT: true
From 05759643c22b6d869d98c029f29da420b4b7cccf Mon Sep 17 00:00:00 2001
From: Dylan
Date: Fri, 27 Sep 2024 10:48:14 -0400
Subject: [PATCH 02/15] Update fortify.yml

Specify latest minor version of Fortify action
---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index de4d2b7..cc4abb1 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -42,7 +42,7 @@ jobs:

 # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
 - name: Run FoD SAST Scan
- uses: fortify/github-action@v1
+ uses: fortify/github-action@v1.3.1
 with:
 sast-scan: true
 env:
From 2b193b818084840831cee770ddd90b509c3ed1a6 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Fri, 27 Sep 2024 12:48:32 -0400
Subject: [PATCH 03/15] Update fortify.yml

Add setup option for SDLC status
---
 .github/workflows/fortify.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index cc4abb1..539c2fc 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
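Review bot: `DO_PR_COMMENT: true` needs the job's `pull-requests: write` permission, and the permissions block this step runs under (visible as context in patch 05) still lists only `actions: read`, `contents: read` and `security-events: write` at this point, so PR commenting will fail on authorization until patch 05 adds `pull-requests: write`. The commented-out `#FOD_RELEASE` line gives no hint why the explicit release was dropped; a note on that line such as `# FOD_RELEASE omitted: DO_SETUP below lets the action select/create the release (presumably from repository and branch — confirm with the action docs)` would save the next reader the archaeology. The step that owns this `env` block starts above the hunk.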
@@ -56,3 +56,4 @@ jobs:
 DO_SETUP: true
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
+ SETUP_EXTRA_OPTS: --sdlc-status QA --scan-types sast
From ac439d6254d061cbfe35de833a26a1b8bcde7112 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Fri, 27 Sep 2024 13:10:59 -0400
Subject: [PATCH 04/15] Update fortify.yml

Add Policy Check
---
 .github/workflows/fortify.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 539c2fc..38f03f8 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -56,4 +56,5 @@ jobs:
 DO_SETUP: true
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
- SETUP_EXTRA_OPTS: --sdlc-status QA --scan-types sast
+ DO_POLICY_CHECK: true
+ SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
From 7b4b54d2821e44e67cff479c5271ee5216fe0b53 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Mon, 30 Sep 2024 11:16:35 -0400
Subject: [PATCH 05/15] Update fortify.yml

Additional action configuration
---
 .github/workflows/fortify.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 38f03f8..aac872b 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -23,11 +23,15 @@ on:
 jobs:
 Fortify-AST-Scan:
 runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ # Prevent running multiple FoD scans on same release simultaneously
+ max-parallel: 1
 permissions:
 actions: read
 contents: read
 security-events: write
-
+ pull-requests: write
 steps:
 # Check out source code
 - name: Check Out Source Code
From c28ef5bd6d35cfcbdaf053d387c3f0e525670e00 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Mon, 30 Sep 2024 11:33:38 -0400
Subject: [PATCH 06/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index aac872b..1b42550 100644
--- a/.github/workflows/fortify.yml
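Review bot: `max-parallel: 1` under `strategy` in patch 05 does not do what its comment `# Prevent running multiple FoD scans on same release simultaneously` promises — it only caps concurrent jobs inside one run's matrix, and this job declares no `matrix`, so a `push` run and a `pull_request` run for the same commit still scan at the same time. The job-level `concurrency:` key is the construct for serializing runs: `concurrency:` / `  group: fod-${{ github.workflow }}-${{ github.ref }}` / `  cancel-in-progress: false` (pick whichever key maps one-to-one onto the FoD release). Patch 06 removes the `strategy` block again without adding a replacement, so the point carries over to the final file. The `pull-requests: write` line added at the end of the same hunk is the grant `DO_PR_COMMENT: true` requires.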
+++ b/.github/workflows/fortify.yml
@@ -23,10 +23,6 @@ on:
 jobs:
 Fortify-AST-Scan:
 runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- # Prevent running multiple FoD scans on same release simultaneously
- max-parallel: 1
 permissions:
 actions: read
 contents: read
From 8669c2444cec6b35c5d59685c2e478031e767a04 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Mon, 30 Sep 2024 13:49:43 -0400
Subject: [PATCH 07/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 1b42550..10e8536 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -55,6 +55,6 @@ jobs:
 DO_EXPORT: true
 DO_SETUP: true
 DO_JOB_SUMMARY: true
- DO_PR_COMMENT: true
- DO_POLICY_CHECK: true
+ #DO_PR_COMMENT: true
+ #DO_POLICY_CHECK: true
 SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
From b35f9d0f388198e560190db6dc1ce1d50ba97bc4 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Mon, 30 Sep 2024 14:53:14 -0400
Subject: [PATCH 08/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 10e8536..1b42550 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -55,6 +55,6 @@ jobs:
 DO_EXPORT: true
 DO_SETUP: true
 DO_JOB_SUMMARY: true
- #DO_PR_COMMENT: true
- #DO_POLICY_CHECK: true
+ DO_PR_COMMENT: true
+ DO_POLICY_CHECK: true
 SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
From cc3ddb6bad24639b2c11fd618139ce08492312aa Mon Sep 17 00:00:00 2001
From: Dylan
Date: Tue, 1 Oct 2024 15:08:10 -0400
Subject: [PATCH 09/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 1b42550..96099d3 100644
--- a/.github/workflows/fortify.yml
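Review bot: Disabling `DO_PR_COMMENT` and `DO_POLICY_CHECK` by prefixing them with `#` in patch 07 records nothing about why, and the same two lines are switched back on in patch 08 and `DO_POLICY_CHECK` off again in patch 09 (and twice more in patches 10 and 13), so a reader of the final file cannot tell whether the disabled state is intentional or a leftover experiment. Put the reason on the line, e.g. `#DO_POLICY_CHECK: true  # disabled: <reason, or the FoD policy failure being investigated>`, or expose the switch as a `workflow_dispatch` input so it can be flipped per run without a commit. Style only; no behaviour change proposed.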
+++ b/.github/workflows/fortify.yml
@@ -56,5 +56,5 @@ jobs:
 DO_SETUP: true
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
- DO_POLICY_CHECK: true
+ #DO_POLICY_CHECK: true
 SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
From a9b456be4a637c46e5bb7dbe3a844df0a7ecb809 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Sun, 17 Nov 2024 10:32:58 -0500
Subject: [PATCH 10/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 96099d3..4e311ab 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -42,19 +42,18 @@ jobs:

 # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
 - name: Run FoD SAST Scan
- uses: fortify/github-action@v1.3.1
+ uses: fortify/github-action@v1
 with:
 sast-scan: true
+ debricked-sca-scan: true
 env:
 FOD_URL: https://ams.fortify.com
 FOD_TENANT: ${{secrets.FOD_TENANT}}
 FOD_USER: ${{secrets.FOD_USER}}
 FOD_PASSWORD: ${{secrets.FOD_PAT}}
- #FOD_RELEASE: ${{ secrets.FOD_RELEASE_ID }}
- EXTRA_PACKAGE_OPTS: -oss
 DO_EXPORT: true
 DO_SETUP: true
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
- #DO_POLICY_CHECK: true
- SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
+ DO_POLICY_CHECK: true
+ #SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
From 01bc33cda119f1c19898fa6ecdbb00c9b4b1677a Mon Sep 17 00:00:00 2001
From: Dylan
Date: Sun, 17 Nov 2024 10:33:50 -0500
Subject: [PATCH 11/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 4e311ab..3494e35 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -16,7 +16,7 @@ name: Fortify AST Scan
 on:
 workflow_dispatch:
 pull_request:
- branches: [ "main" ]
+ branches: [ "gha-v1_3-update" ]
 push:
 branches: [ "main" ]

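Review bot: `uses: fortify/github-action@v1` in patch 10 moves from the pinned `v1.3.1` back to a floating major tag, and this step receives `FOD_TENANT`, `FOD_USER` and `FOD_PASSWORD` from secrets, so any future release of the action (or a retargeted tag) runs with those credentials without a change reviewed in this repo. Pin to a full-length commit SHA with the version as a trailing comment, `uses: fortify/github-action@<commit-sha-of-v1.3.1> # v1.3.1`, and let Dependabot propose bumps. `debricked-sca-scan: true` is also switched on with no Debricked credential in the `env` block beneath it; the action documents a dedicated token variable for that scan (presumably `DEBRICKED_TOKEN` — confirm against its README), so the SCA half may fail or be silently skipped. The removal of `EXTRA_PACKAGE_OPTS: -oss` in the same hunk is not mentioned in the commit message.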
From f911d459db643438c32bfad5fabea1eae027db7f Mon Sep 17 00:00:00 2001
From: Dylan
Date: Sun, 17 Nov 2024 10:38:48 -0500
Subject: [PATCH 12/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 3494e35..225b621 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -56,4 +56,4 @@ jobs:
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
 DO_POLICY_CHECK: true
- #SETUP_EXTRA_OPTS: --sdlc-status Development --scan-types sast
+ SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
From 311a018661ffed564d7a6e48b79647b266ae3391 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Sun, 17 Nov 2024 11:18:01 -0500
Subject: [PATCH 13/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 225b621..4c3ab7d 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -55,5 +55,5 @@ jobs:
 DO_SETUP: true
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
- DO_POLICY_CHECK: true
+ #DO_POLICY_CHECK: true
 SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
From 76191f8c74eedb51af6985901ef54dcae68da04b Mon Sep 17 00:00:00 2001
From: Dylan
Date: Wed, 20 Nov 2024 16:04:51 -0500
Subject: [PATCH 14/15] Update fortify.yml

Test w/o copy state
---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 4c3ab7d..337c2ed 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
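Review bot: The new `SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"` in patch 12 carries no comment saying what is copied or why the default branch's release is the source, and it only takes effect because `DO_SETUP: true` is set further up (outside this hunk). A comment above the line would make the coupling visible: `# DO_SETUP creates the FoD release for this branch/PR; seed it from the default branch's release (presumably copies scan state and settings — confirm with the fcli docs)`. The value is a valid plain scalar today (it starts with `--`, and its `:` is not followed by a space), but wrapping it in single quotes, `SETUP_EXTRA_OPTS: '--copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"'`, protects it from a future edit introducing `: ` or ` #`, which would silently change how YAML parses it.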
@@ -56,4 +56,4 @@ jobs:
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
 #DO_POLICY_CHECK: true
- SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
+ #SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
From 4b34c54ca94e539c20191e0977568e3b879c93e1 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Thu, 21 Nov 2024 15:23:33 -0500
Subject: [PATCH 15/15] Update fortify.yml

---
 .github/workflows/fortify.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 337c2ed..92f83fe 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -16,7 +16,7 @@ name: Fortify AST Scan
 on:
 workflow_dispatch:
 pull_request:
- branches: [ "gha-v1_3-update" ]
+ branches: [ "main" ]
 push:
 branches: [ "main" ]

@@ -28,6 +28,7 @@ jobs:
 contents: read
 security-events: write
 pull-requests: write
+
 steps:
 # Check out source code
 - name: Check Out Source Code
@@ -53,7 +54,7 @@ jobs:
 FOD_PASSWORD: ${{secrets.FOD_PAT}}
 DO_EXPORT: true
 DO_SETUP: true
+ SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
 DO_JOB_SUMMARY: true
 DO_PR_COMMENT: true
 #DO_POLICY_CHECK: true
- #SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
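Review bot: `#DO_POLICY_CHECK: true` survives into the final state of the third hunk of patch 15 as a bare commented-out line, after being toggled in patches 07, 08, 09, 10 and 13, so the file now ships with the policy check off and no statement of whether that is the intended end state; note it on the line, e.g. `#DO_POLICY_CHECK: true  # off: <reason> (re-enable to have the job fail on FoD policy violations — confirm semantics with the action docs)`. The first hunk re-points the `pull_request` trigger at `main`, and every `pull_request` run depends on the `FOD_*` secrets in the `env` block; GitHub withholds repository secrets from pull requests opened from forks, so if this repository accepts fork PRs the scan step will fail rather than comment on them — worth a comment next to `pull_request:` if that is acceptable. Moving `SETUP_EXTRA_OPTS` directly under `DO_SETUP: true` is a readability improvement and needs no change.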