chore: Add fcli action links
rsenden committed Sep 16, 2024
1 parent 67ba099 commit 8717660
Showing 11 changed files with 63 additions and 63 deletions.
76 changes: 38 additions & 38 deletions README.md


2 changes: 1 addition & 1 deletion doc-resources/env-do-export.md
@@ -1,4 +1,4 @@
**`DO_EXPORT`, `EXPORT_ACTION`, `EXPORT_EXTRA_OPTS`** - OPTIONAL
If `DO_EXPORT` is set to `true` (implied if any of the other `EXPORT_*` variables are set, and implies `DO_WAIT`) or when explicitly invoking the `fortify/github-action/fod-export` or `fortify/github-action/ssc-export` actions, this action will will export scan results to the GitHub Security Code Scanning dashboard using the fcli-provided `github-sast-report` action or, if specified, the custom fcli action specified through `EXPORT_ACTION`. `EXPORT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `EXPORT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used. Please see {{var:fcli-doc-base-url}}#_actions for more information.
If `DO_EXPORT` is set to `true` (implied if any of the other `EXPORT_*` variables are set, and implies `DO_WAIT`) or when explicitly invoking the `fortify/github-action/fod-export` or `fortify/github-action/ssc-export` actions, this action will will export scan results to the GitHub Security Code Scanning dashboard using the fcli-provided `github-sast-report` action or, if specified, the custom fcli action specified through `EXPORT_ACTION`. `EXPORT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `EXPORT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used. Please see link:{{var:fcli-doc-base-url}}#_actions[Fcli action documentation] for more information on fcli actions, and documentation for link:{{var:fcli-doc-base-url}}fod-actions.html#_github_sast_report[FoD `github-sast-report` action] or link:{{var:fcli-doc-base-url}}ssc-actions.html#_github_sast_report[SSC `github-sast-report` action].

Note that this may require a [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) subscription, unless you're running this action on a public github.com repository. GitHub only supports importing SAST results; other results will not exported to GitHub.
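Review bot: the replacement line introduces AsciiDoc link syntax (`link:{{var:fcli-doc-base-url}}#_actions[Fcli action documentation]`) into a `.md` resource that otherwise uses Markdown links; the unchanged context line two lines down uses `[GitHub Advanced Security](https://docs.github.com/...)`. Once this template is expanded into the Markdown READMEs, GitHub will show the literal `link:https://...[...]` text instead of a hyperlink. Use the Markdown form, e.g. `[Fcli action documentation]({{var:fcli-doc-base-url}}#_actions)`, for all three links. Since the line is being rewritten anyway, the duplicated "will will" in "this action will will export scan results" should be fixed at the same time, and the context line "other results will not exported to GitHub" is missing "be".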
2 changes: 1 addition & 1 deletion doc-resources/env-do-job-summary.md
@@ -1,2 +1,2 @@
**`DO_JOB_SUMMARY`, `JOB_SUMMARY_ACTION`, `JOB_SUMMARY_EXTRA_OPTS`** - OPTIONAL
If `DO_JOB_SUMMARY` is set to `true` (implied if any of the other `JOB_SUMMARY_*` variables are set, and implies `DO_WAIT`), this action will generate a job summary listing scan status and issue counts using the fcli-provided `release-summary` (FoD) or `appversion-summary` (SSC) action, or, if specified, the custom fcli action specified through `JOB_SUMMARY_ACTION`. `JOB_SUMMARY_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `JOB_SUMMARY_EXTRA_OPTS` environment variable, for example to specify the SSC filter sets to be included in the summary, or to allow an unsigned custom action to be used. Please see {{var:fcli-doc-base-url}}#_actions for more information.
If `DO_JOB_SUMMARY` is set to `true` (implied if any of the other `JOB_SUMMARY_*` variables are set, and implies `DO_WAIT`), this action will generate a job summary listing scan status and issue counts using the fcli-provided `release-summary` (FoD) or `appversion-summary` (SSC) action, or, if specified, the custom fcli action specified through `JOB_SUMMARY_ACTION`. `JOB_SUMMARY_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `JOB_SUMMARY_EXTRA_OPTS` environment variable, for example to specify the SSC filter sets to be included in the summary, or to allow an unsigned custom action to be used. Please see link:{{var:fcli-doc-base-url}}#_actions[Fcli action documentation] for more information on fcli actions, and documentation for link:{{var:fcli-doc-base-url}}fod-actions.html#_release_summary[FoD `release-summary` action] or link:{{var:fcli-doc-base-url}}ssc-actions.html#_appversion_summary[SSC `appversion-summary` action].
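Review bot: same issue as env-do-export.md: the three new links use AsciiDoc `link:...[...]` syntax in a Markdown resource and will not render as links after expansion. The anchors `fod-actions.html#_release_summary` and `ssc-actions.html#_appversion_summary` cannot be verified from this diff (the base URL now points at a development docs build); worth clicking through once the docs are published so the README does not ship with dead fragment links.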
2 changes: 1 addition & 1 deletion doc-resources/env-do-policy-check.md
@@ -1,2 +1,2 @@
**`DO_POLICY_CHECK`, `CHECK_POLICY_ACTION`, `CHECK_POLICY_EXTRA_OPTS`** - OPTIONAL
If `DO_POLICY_CHECK` is set to `true` (implied if any of the other `CHECK_POLICY_*` variables are set, and implies `DO_WAIT`), a policy check will be run after scan completion using the fcli-provided `check-policy` action or, if specified, the custom fcli action specified through `CHECK_POLICY_ACTION`. `POLICY_CHECK_ACTION` may point to a local file or URL; this custom fcli action must accept at least the `--av` (for SSC) or `--rel` (for FoD) option. Any extra options for this custom fcli action can be passed through the `CHECK_POLICY_EXTRA_OPTS` environment variable, which may include fcli options to allow unsigned custom actions to be used. Note that for FoD, the fcli-provided `check-policy` action will check the outcome of the FoD security policy. As SSC doesn't provide any similar security policy features, the fcli-provided action executes some sample policy checks that will likely fail in many cases. As security policies are different for every Fortify customer, you should consider implementing your own custom fcli policy check action(s), unless FoD-provided security policy functionality is sufficient.
If `DO_POLICY_CHECK` is set to `true` (implied if any of the other `CHECK_POLICY_*` variables are set, and implies `DO_WAIT`), a policy check will be run after scan completion using the fcli-provided `check-policy` action or, if specified, the custom fcli action specified through `CHECK_POLICY_ACTION`. `POLICY_CHECK_ACTION` may point to a local file or URL; this custom fcli action must accept at least the `--av` (for SSC) or `--rel` (for FoD) option. Any extra options for this custom fcli action can be passed through the `CHECK_POLICY_EXTRA_OPTS` environment variable, which may include fcli options to allow unsigned custom actions to be used. Note that for FoD, the fcli-provided `check-policy` action will check the outcome of the FoD security policy. As SSC doesn't provide any similar security policy features, the fcli-provided action executes some sample policy checks that will likely fail in many cases. As security policies are different for every Fortify customer, you should consider implementing your own custom fcli policy check action(s), unless FoD-provided security policy functionality is sufficient. Please see link:{{var:fcli-doc-base-url}}#_actions[Fcli action documentation] for more information on fcli actions, and documentation for link:{{var:fcli-doc-base-url}}fod-actions.html#_check_policy[FoD `check-policy` action] or link:{{var:fcli-doc-base-url}}ssc-actions.html#_check_policy[SSC `check-policy` action].
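Review bot: the variable name is inconsistent within this line and the rewrite does not correct it: the heading and the `CHECK_POLICY_*` wording name `CHECK_POLICY_ACTION`, but the next sentence reads "`POLICY_CHECK_ACTION` may point to a local file or URL". Given `CHECK_POLICY_EXTRA_OPTS` on the same line, this should read `CHECK_POLICY_ACTION`; as written, a user who sets `POLICY_CHECK_ACTION` will silently get the built-in action. The new links also use AsciiDoc `link:...[...]` syntax in a Markdown resource, as in the other `env-do-*.md` files.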
2 changes: 1 addition & 1 deletion doc-resources/env-do-pr-comment.md
@@ -1,5 +1,5 @@
**`DO_PR_COMMENT`, `PR_COMMENT_ACTION`, `PR_COMMENT_EXTRA_OPTS`** - OPTIONAL
If `DO_PR_COMMENT` is set to `true` (implied if any of the other `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided `github-pr-comment` action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used. Please see {{var:fcli-doc-base-url}}#_actions for more information.
If `DO_PR_COMMENT` is set to `true` (implied if any of the other `PR_COMMENT_*` variables are set, and implies `DO_WAIT`), this action will generate a pull request comment listing new, re-introduced and removed issues using the fcli-provided `github-pr-comment` action or, if specified, the custom fcli action specified through `PR_COMMENT_ACTION`. `PR_COMMENT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `PR_COMMENT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used. Please see link:{{var:fcli-doc-base-url}}#_actions[Fcli action documentation] for more information on fcli actions, and documentation for link:{{var:fcli-doc-base-url}}fod-actions.html#_github_pr_comment[FoD `github-pr-comment` action] or link:{{var:fcli-doc-base-url}}ssc-actions.html#_github_pr_comment[SSC `github-pr-comment` action].

Note that pull request comments will only be generated under the following conditions:
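Review bot: the new links use AsciiDoc `link:...[...]` syntax in a Markdown resource, same as the other `env-do-*.md` changes in this commit. Documentation point on the same line: it states that `PR_COMMENT_ACTION` may point to a URL and that `PR_COMMENT_EXTRA_OPTS` can be used "to allow an unsigned custom action to be used". A one-sentence caveat would help here, since a custom action fetched from a URL with signature verification disabled runs inside the workflow with the same credentials used to post the comment; recommend pinning URL-sourced actions and keeping signature checks enabled outside of local testing.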

2 changes: 1 addition & 1 deletion doc-resources/template-values.md
@@ -11,7 +11,7 @@ https://github.com/fortify/github-action
v1

# fcli-doc-base-url
https://fortify.github.io/fcli/v2.6.0/
https://fortify.github.io/fcli/dev_develop/

# sc-client-doc-base-url
https://www.microfocus.com/documentation/fortify-software-security-center/2420/SC_SAST_Help_24.2.0/index.htm
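Review bot: `fcli-doc-base-url` moves from the pinned `https://fortify.github.io/fcli/v2.6.0/` to `https://fortify.github.io/fcli/dev_develop/`, which tracks the fcli development branch rather than a release. Documentation linked from the `v1` action version a few lines above will then describe whatever the develop build currently says, which may include action options the fcli version bundled with this action does not support, and the page can change or disappear under the link. If this is temporary until `fod-actions.html`/`ssc-actions.html` exist in a tagged fcli release, leave a comment saying so and switch back to a versioned URL on release. Note that `sc-client-doc-base-url` directly below stays pinned to 24.2.0, so the two values now follow different conventions.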
2 changes: 1 addition & 1 deletion fod-export/README.md
@@ -58,7 +58,7 @@ Fortify on Demand release to use with this action. This can be specified either
<!-- START-INCLUDE:env-do-export.md -->

**`DO_EXPORT`, `EXPORT_ACTION`, `EXPORT_EXTRA_OPTS`** - OPTIONAL
If `DO_EXPORT` is set to `true` (implied if any of the other `EXPORT_*` variables are set, and implies `DO_WAIT`) or when explicitly invoking the `fortify/github-action/fod-export` or `fortify/github-action/ssc-export` actions, this action will will export scan results to the GitHub Security Code Scanning dashboard using the fcli-provided `github-sast-report` action or, if specified, the custom fcli action specified through `EXPORT_ACTION`. `EXPORT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `EXPORT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used. Please see https://fortify.github.io/fcli/v2.6.0/#_actions for more information.
If `DO_EXPORT` is set to `true` (implied if any of the other `EXPORT_*` variables are set, and implies `DO_WAIT`) or when explicitly invoking the `fortify/github-action/fod-export` or `fortify/github-action/ssc-export` actions, this action will will export scan results to the GitHub Security Code Scanning dashboard using the fcli-provided `github-sast-report` action or, if specified, the custom fcli action specified through `EXPORT_ACTION`. `EXPORT_ACTION` may point to a local file or URL; this custom fcli action must support (at least) the exact same action parameters (including any environment variable based default values for those parameters) as the built-in fcli action. Any extra options for the fcli action can be passed through the `EXPORT_EXTRA_OPTS` environment variable, for example to specify the SSC filter set from which to load issue data, or to allow an unsigned custom action to be used. Please see link:https://fortify.github.io/fcli/dev_develop/#_actions[Fcli action documentation] for more information on fcli actions, and documentation for link:https://fortify.github.io/fcli/dev_develop/fod-actions.html#_github_sast_report[FoD `github-sast-report` action] or link:https://fortify.github.io/fcli/dev_develop/ssc-actions.html#_github_sast_report[SSC `github-sast-report` action].

Note that this may require a [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) subscription, unless you're running this action on a public github.com repository. GitHub only supports importing SAST results; other results will not exported to GitHub.
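Review bot: this hunk is the expanded output of doc-resources/env-do-export.md and shows the rendering problem concretely: GitHub renders fod-export/README.md as Markdown, so `link:https://fortify.github.io/fcli/dev_develop/#_actions[Fcli action documentation]` and the two `fod-actions.html`/`ssc-actions.html` links will appear as literal text, while `[GitHub Advanced Security](https://docs.github.com/...)` on the following line renders as a link. Fixing the template and regenerating resolves all three; the duplicated "will will" is carried through into the generated README as well.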

