chore: Update documentation
rsenden committed Nov 1, 2023
1 parent f68df5c commit 02a5ad2
Showing 7 changed files with 20 additions and 20 deletions.
20 changes: 10 additions & 10 deletions README.md
Expand Up @@ -29,7 +29,7 @@ The [Fortify github-action repository](https://github.com/fortify-ps/github-acti
**Fortify Sofware Security Center (SSC) / ScanCentral SAST**

* [`fortify/github-action`](#fortify-github-action)
For now, this action provides the same functionality as the `ssc-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other SSC / ScanCentral actions.
For now, this action provides the same functionality as the `sc-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other SSC / ScanCentral actions.
* [`fortify/github-action/sc-sast-scan`](#fortify-github-action-sc-sast-scan)
Package source code, submit SAST scan request to ScanCentral SAST, optionally wait for completion and export results back to the GitHub Security dashboard.
* [`fortify/github-action/package`](#fortify-github-action-package)
Expand All @@ -43,12 +43,12 @@ The [Fortify github-action repository](https://github.com/fortify-ps/github-acti

## fortify/github-action

The primary `fortify/github-action@v1` currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. Software composition analysis of open source components may also be performed in conjunction with the Fortify on Demand SAST scan for customers who have purchased the functionality.
The primary `fortify/github-action` action currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. With Fortify on Demand, software composition analysis of open source components may also be performed in conjunction with the SAST scan for customers who have purchased the functionality.

### Action inputs

**`sast-scan`** - OPTIONAL
When set to true, the action will run a SAST scan on either Fortify on Demand (if the FOD_URL environment variable has been specified), or on ScanCentral SAST (if the SSC_URL environment variable has been specified). This includes packaging the source code, running the scan, and optionally reporting SAST scan results back into GitHub.
When set to true, the action will run a SAST scan on either Fortify on Demand (if the `FOD_URL` environment variable has been specified), or on ScanCentral SAST (if the `SSC_URL` environment variable has been specified). This includes packaging the source code, running the scan, and optionally reporting SAST scan results back into GitHub.

If not specified or when set to false, no SAST scan will be performed. For now, this means that the action will complete without doing any work. Future versions of this action may provide additional inputs, for example allowing you to run a dynamic application security testing (DAST) scan instead of a SAST scan.
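
Review bot: In the `sast-scan` description, the reworded sentence still leaves the case where both `FOD_URL` and `SSC_URL` are set undefined. It reads as an either/or, but does not say which target takes precedence or whether the action fails. Suggest adding one sentence that states the behavior. In the section's first paragraph, "controlled through action inputs, the input for those activities is provided through environment variables" is a comma splice and would read better as two sentences.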

Expand Down Expand Up @@ -97,7 +97,7 @@ Fortify on Demand release to use with this action. This can be specified either
<!-- START-INCLUDE:env-fod-package.md -->

**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip` to package application source code. he `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.
By default, this action runs `scancentral package -o package.zip` to package application source code. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.

If FoD Software Composition Analysis has been purchased and configured on the applicable release, you'll need to pass the `-oss` option through this environment variable to generate and package the additional dependency files required.

Expand Down Expand Up @@ -145,7 +145,7 @@ Fortify Software Security Center URL, for example https://ssc.customer.fortifyho
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
Required when authenticating with SSC user credentials.

<!-- END-INCLUDE:env-ssc-connection.md -->

Expand Down Expand Up @@ -248,8 +248,8 @@ The sample workflows below demonstrate how to configure the action for running a

Depending on input, this action delegates to the appropriate sub-action(s). Please refer to the documentation of these actions for a more detailed description of action behavior & requirements:

* FoD SAST & optional SCA (open source) Scan: [`fortify/github-action/fod-sast-scan@v1`](#fortify-github-action-fod-sast-scan)
* ScanCentral SAST Scan: [`fortify/github-action/sc-sast-scan@v1`](#fortify-github-action-sc-sast-scan)
* FoD SAST & optional SCA (open source) scan: [`fortify/github-action/fod-sast-scan`](#fortify-github-action-fod-sast-scan)
* ScanCentral SAST scan: [`fortify/github-action/sc-sast-scan`](#fortify-github-action-sc-sast-scan)


<a name="fortify-github-action-setup"></a>
Expand Down Expand Up @@ -433,7 +433,7 @@ Fortify on Demand release to use with this action. This can be specified either
<!-- START-INCLUDE:env-fod-package.md -->

**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip` to package application source code. he `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.
By default, this action runs `scancentral package -o package.zip` to package application source code. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.

If FoD Software Composition Analysis has been purchased and configured on the applicable release, you'll need to pass the `-oss` option through this environment variable to generate and package the additional dependency files required.

Expand Down Expand Up @@ -579,7 +579,7 @@ Fortify Software Security Center URL, for example https://ssc.customer.fortifyho
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
Required when authenticating with SSC user credentials.

<!-- END-INCLUDE:env-ssc-connection.md -->

Expand Down Expand Up @@ -677,7 +677,7 @@ Fortify Software Security Center URL, for example https://ssc.customer.fortifyho
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
Required when authenticating with SSC user credentials.

<!-- END-INCLUDE:env-ssc-connection.md -->

2 changes: 1 addition & 1 deletion doc-resources/env-fod-package.md
@@ -1,5 +1,5 @@
**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip` to package application source code. he `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.
By default, this action runs `scancentral package -o package.zip` to package application source code. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.

If FoD Software Composition Analysis has been purchased and configured on the applicable release, you'll need to pass the `-oss` option through this environment variable to generate and package the additional dependency files required.

2 changes: 1 addition & 1 deletion doc-resources/env-ssc-connection.md
Expand Up @@ -5,4 +5,4 @@ Fortify Software Security Center URL, for example https://ssc.customer.fortifyho
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
Required when authenticating with SSC user credentials.
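
Review bot: The changed `SSC_USER` & `SSC_PASSWORD` line says when the pair is required, but not what happens when both a token and user credentials are supplied; the token entry above is marked "(recommended)", so one sentence stating which method is used in that case would close the gap. The `REQUIRED*` asterisk is also not explained in the lines shown here. Since these values are credentials, consider adding that they should be passed from GitHub Actions secrets rather than written literally in the workflow `env:` block.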
10 changes: 5 additions & 5 deletions doc-resources/repo-readme.md
Expand Up @@ -16,7 +16,7 @@ The [Fortify github-action repository]({{var:repo-url}}) hosts various Fortify-r
**Fortify Sofware Security Center (SSC) / ScanCentral SAST**

* [`fortify/github-action`](#fortify-github-action)
For now, this action provides the same functionality as the `ssc-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other SSC / ScanCentral actions.
For now, this action provides the same functionality as the `sc-sast-scan` action listed below. Future versions may add support for running other types of scans or performing other SSC / ScanCentral actions.
* [`fortify/github-action/sc-sast-scan`](#fortify-github-action-sc-sast-scan)
Package source code, submit SAST scan request to ScanCentral SAST, optionally wait for completion and export results back to the GitHub Security dashboard.
* [`fortify/github-action/package`](#fortify-github-action-package)
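
Review bot: The heading line at the top of this hunk still reads "Fortify Sofware Security Center"; since this commit is already correcting typos, change it to "Software" here in the template. The same spelling appears in the matching `README.md` hunk, so it needs the fix there as well.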
Expand All @@ -30,12 +30,12 @@ The [Fortify github-action repository]({{var:repo-url}}) hosts various Fortify-r

## fortify/github-action

The primary `fortify/github-action@{{var:action-major-version}}` currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. Software composition analysis of open source components may also be performed in conjunction with the Fortify on Demand SAST scan for customers who have purchased the functionality.
The primary `fortify/github-action` action currently allows for running SAST scans on either Fortify on Demand or ScanCentral SAST. Which activities to perform is controlled through action inputs, the input for those activities is provided through environment variables. With Fortify on Demand, software composition analysis of open source components may also be performed in conjunction with the SAST scan for customers who have purchased the functionality.

### Action inputs

**`sast-scan`** - OPTIONAL
When set to true, the action will run a SAST scan on either Fortify on Demand (if the FOD_URL environment variable has been specified), or on ScanCentral SAST (if the SSC_URL environment variable has been specified). This includes packaging the source code, running the scan, and optionally reporting SAST scan results back into GitHub.
When set to true, the action will run a SAST scan on either Fortify on Demand (if the `FOD_URL` environment variable has been specified), or on ScanCentral SAST (if the `SSC_URL` environment variable has been specified). This includes packaging the source code, running the scan, and optionally reporting SAST scan results back into GitHub.

If not specified or when set to false, no SAST scan will be performed. For now, this means that the action will complete without doing any work. Future versions of this action may provide additional inputs, for example allowing you to run a dynamic application security testing (DAST) scan instead of a SAST scan.
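
Review bot: With `@{{var:action-major-version}}` removed from the first sentence of the `fortify/github-action` section, the prose no longer shows which version reference belongs after the action name. If the intent is only to name the action at this point, suggest stating once in this section where the supported version tag is documented, so readers copying the name into a workflow know which ref to use.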

Expand Down Expand Up @@ -85,8 +85,8 @@ The sample workflows below demonstrate how to configure the action for running a

Depending on input, this action delegates to the appropriate sub-action(s). Please refer to the documentation of these actions for a more detailed description of action behavior & requirements:

* FoD SAST & optional SCA (open source) Scan: [`fortify/github-action/fod-sast-scan@{{var:action-major-version}}`](#fortify-github-action-fod-sast-scan)
* ScanCentral SAST Scan: [`fortify/github-action/sc-sast-scan@{{var:action-major-version}}`](#fortify-github-action-sc-sast-scan)
* FoD SAST & optional SCA (open source) scan: [`fortify/github-action/fod-sast-scan`](#fortify-github-action-fod-sast-scan)
* ScanCentral SAST scan: [`fortify/github-action/sc-sast-scan`](#fortify-github-action-sc-sast-scan)


<a name="fortify-github-action-setup"></a>
2 changes: 1 addition & 1 deletion fod-sast-scan/README.md
Expand Up @@ -66,7 +66,7 @@ Fortify on Demand release to use with this action. This can be specified either
<!-- START-INCLUDE:env-fod-package.md -->

**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip` to package application source code. he `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.
By default, this action runs `scancentral package -o package.zip` to package application source code. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options.

If FoD Software Composition Analysis has been purchased and configured on the applicable release, you'll need to pass the `-oss` option through this environment variable to generate and package the additional dependency files required.

2 changes: 1 addition & 1 deletion sc-sast-scan/README.md
Expand Up @@ -40,7 +40,7 @@ Fortify Software Security Center URL, for example https://ssc.customer.fortifyho
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
Required when authenticating with SSC user credentials.

<!-- END-INCLUDE:env-ssc-connection.md -->

2 changes: 1 addition & 1 deletion ssc-export/README.md
Expand Up @@ -25,7 +25,7 @@ Fortify Software Security Center URL, for example https://ssc.customer.fortifyho
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
Required when authenticating with SSC user credentials.

<!-- END-INCLUDE:env-ssc-connection.md -->

