chore: Update docs, add internal action
rsenden committed Oct 31, 2023
1 parent 57593f0 commit ed0cddd
Showing 26 changed files with 261 additions and 207 deletions.
230 changes: 127 additions & 103 deletions README.md

Large diffs are not rendered by default.

8 changes: 4 additions & 4 deletions doc-resources/env-fod-connection.md
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
**`FOD_URL`**
Required: Fortify on Demand URL, for example https://ams.fortify.com
**`FOD_URL`** - REQUIRED
(REQUIRED) Fortify on Demand URL, for example https://ams.fortify.com

**`FOD_CLIENT_ID` & `FOD_CLIENT_SECRET`**
**`FOD_CLIENT_ID` & `FOD_CLIENT_SECRET`** - REQUIRED*
Required when authenticating with an API key: FoD Client ID (API key) and Secret (API secret)

**`FOD_TENANT`, `FOD_USER` & `FOD_PASSWORD`**
**`FOD_TENANT`, `FOD_USER` & `FOD_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials: FoD tenant, user and password. It's recommended to use a Personal Access Token instead of an actual user password.
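Review bot: the `(REQUIRED)` prefix on the `FOD_URL` description duplicates the new `- REQUIRED` marker in the heading, and this commit drops that prefix everywhere else (compare `SSC_URL`, whose body now reads just `Fortify Software Security Center URL, ...`); make the line `Fortify on Demand URL, for example https://ams.fortify.com`. The `REQUIRED*` asterisk on the `FOD_CLIENT_ID`/`FOD_CLIENT_SECRET` and `FOD_TENANT`/`FOD_USER`/`FOD_PASSWORD` headings is never explained in this file; add a short footnote saying that exactly one of the two credential sets must be supplied.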
4 changes: 2 additions & 2 deletions doc-resources/env-fod-login.md
@@ -1,4 +1,4 @@
{{include:env-fod-connection.md}}

**`EXTRA_FOD_LOGIN_OPTS`**
Optional: Extra FoD login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli fod session login` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-fod-session-login.html)
**`EXTRA_FOD_LOGIN_OPTS`** - OPTIONAL
Extra FoD login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli fod session login` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-fod-session-login.html)
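Review bot: the description leads with "disabling SSL checks" as the example login option even though these values are meant to live in CI workflow files; consider leading with the connection time-out example (which the sample files in this commit actually use, `--socket-timeout=60s`) and presenting SSL-check disabling as a troubleshooting measure rather than a routine setting.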
4 changes: 2 additions & 2 deletions doc-resources/env-fod-release.md
@@ -1,2 +1,2 @@
**`FOD_RELEASE`**
Required: Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `<app>:<release>` (for non-microservices applications) or `<app>:<microservice>:<release>` (for microservices applications).
**`FOD_RELEASE`** - OPTIONAL
Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `<app-name>:<release-name>` (for non-microservices applications) or `<app-name>:<microservice-name>:<release-name>` (for microservices applications). Default value is [`${{ github.action_repository }}:${{ github.action_ref }}`](https://docs.github.com/en/actions/learn-github-actions/contexts#github-context), for example `myOrg/myRepo:myBranch`.
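Review bot: the new default `${{ github.action_repository }}:${{ github.action_ref }}` is a two-part `<app-name>:<release-name>` value, so it cannot address a release in a microservices application, which the same paragraph says needs the three-part `<app-name>:<microservice-name>:<release-name>` form; say explicitly that `FOD_RELEASE` must still be set for microservices applications. It would also help to state what happens when the defaulted release does not yet exist in FoD, since the heading changed from REQUIRED to OPTIONAL without that caveat.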
9 changes: 3 additions & 6 deletions doc-resources/env-fod-sast-scan.md
Expand Up @@ -5,11 +5,8 @@

{{include:env-package.md}}

**`EXTRA_FOD_SAST_SCAN_OPTS`**
Optional: Extra FoD SAST scan options; see [`fcli fod sast-scan start` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-fod-sast-scan-start.html)
**`EXTRA_FOD_SAST_SCAN_OPTS`** - OPTIONAL
Extra FoD SAST scan options; see [`fcli fod sast-scan start` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-fod-sast-scan-start.html)

**`DO_WAIT`**
Optional: By default, this action will not wait until the scan has been completed. To have the workflow wait until the scan has been completed, set the `DO_WAIT` environment variable to `true`. Note that `DO_WAIT` is implied if `DO_EXPORT` is set to `true`; see below.
{{include:env-wait-export.md}}

**`DO_EXPORT`**
Optional: If set to `true`, this action will export scan results to the GitHub Security Code Scanning dashboard.
4 changes: 2 additions & 2 deletions doc-resources/env-package.md
@@ -1,2 +1,2 @@
**`EXTRA_PACKAGE_OPTS`**
Optional: By default, this action runs `scancentral package -o package.zip`. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options like `-bt none` to disable automatic build tool detection, or `-oss` to collect additional files for an open-source scan (FoD only).
**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip`. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options like `-oss` to collect additional files for an open-source scan (FoD only).
6 changes: 3 additions & 3 deletions doc-resources/env-sc-sast-login.md
@@ -1,7 +1,7 @@
{{include:env-ssc-connection.md}}

**`SC_SAST_CLIENT_AUTH_TOKEN`**
**`SC_SAST_CLIENT_AUTH_TOKEN`** - REQUIRED
Required: ScanCentral SAST Client Authentication Token for authenticating with ScanCentral SAST Controller.

**`EXTRA_SC_SAST_LOGIN_OPTS`**
Optional: Extra ScanCentral SAST login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli sc-sast session login` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-sc-sast-session-login.html).
**`EXTRA_SC_SAST_LOGIN_OPTS`** - OPTIONAL
Extra ScanCentral SAST login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli sc-sast session login` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-sc-sast-session-login.html).
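Review bot: `SC_SAST_CLIENT_AUTH_TOKEN` now carries the `- REQUIRED` heading marker but its description still begins with `Required:`, unlike every other heading converted in this commit (`SSC_URL`, `FOD_URL`, the `EXTRA_*` options); drop the prefix so the body reads `ScanCentral SAST Client Authentication Token for authenticating with ScanCentral SAST Controller.`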
10 changes: 3 additions & 7 deletions doc-resources/env-sc-sast-scan.md
Expand Up @@ -5,11 +5,7 @@

{{include:env-package.md}}

**`EXTRA_SC_SAST_SCAN_OPTS`**
Optional: Extra ScanCentral SAST scan options; see [`fcli sc-sast scan start` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-sc-sast-scan-start.html)
**`EXTRA_SC_SAST_SCAN_OPTS`** - OPTIONAL
Extra ScanCentral SAST scan options; see [`fcli sc-sast scan start` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-sc-sast-scan-start.html)

**`DO_WAIT`**
Optional: By default, this action will not wait until the scan has been completed. To have the workflow wait until the scan has been completed, set the `DO_WAIT` environment variable to `true`. Note that `DO_WAIT` is implied if `DO_EXPORT` is set to `true`; see below.

**`DO_EXPORT`**
Optional: If set to `true`, this action will export scan results to the GitHub Security Code Scanning dashboard.
{{include:env-wait-export.md}}
4 changes: 2 additions & 2 deletions doc-resources/env-ssc-appversion.md
@@ -1,2 +1,2 @@
**`SSC_APPVERSION`**
Required: Fortify SSC application version to use with this action. This can be specified either as a numeric application version id, or by providing application and version name in the format `<app>:<release>`.
**`SSC_APPVERSION`** - OPTIONAL
Fortify SSC application version to use with this action. This can be specified either as a numeric application version id, or by providing application and version name in the format `<app-name>:<version-name>`. Default value is [`${{ github.action_repository }}:${{ github.action_ref }}`](https://docs.github.com/en/actions/learn-github-actions/contexts#github-context), for example `myOrg/myRepo:myBranch`.
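Review bot: the default `${{ github.action_repository }}:${{ github.action_ref }}` is documented with the example `myOrg/myRepo:myBranch`, i.e. as the calling workflow's repository and branch, but GitHub's context documentation (the page this line links to) describes `github.action_repository` and `github.action_ref` as the owner/repository and ref of the action being executed. Please confirm that they resolve to the caller from inside the composite `run` step in `internal/set-ssc-var-defaults/action.yml`, or switch the default and this text to `${{ github.repository }}:${{ github.ref_name }}`, whose meaning is unambiguous.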
8 changes: 4 additions & 4 deletions doc-resources/env-ssc-connection.md
@@ -1,8 +1,8 @@
**`SSC_URL`**
(Required) Fortify Software Security Center URL, for example https://ssc.customer.fortifyhosted.net/
**`SSC_URL`** - REQUIRED
Fortify Software Security Center URL, for example https://ssc.customer.fortifyhosted.net/

**`SSC_TOKEN`**
**`SSC_TOKEN`** - REQUIRED*
Required when authenticating with an SSC token (recommended). Most actions should work fine with a `CIToken`.

**`SSC_USER` & `SSC_PASSWORD`**
**`SSC_USER` & `SSC_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials.
4 changes: 2 additions & 2 deletions doc-resources/env-ssc-login.md
@@ -1,4 +1,4 @@
{{include:env-ssc-connection.md}}

**`EXTRA_SSC_LOGIN_OPTS`**
Optional: Extra SSC login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli ssc session login` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-ssc-session-login.html).
**`EXTRA_SSC_LOGIN_OPTS`** - OPTIONAL
Extra SSC login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli ssc session login` documentation]({{var:fcli-doc-base-url}}/manpage/fcli-ssc-session-login.html).
5 changes: 5 additions & 0 deletions doc-resources/env-wait-export.md
@@ -0,0 +1,5 @@
**`DO_WAIT`** - OPTIONAL
By default, this action will not wait until the scan has been completed. To have the workflow wait until the scan has been completed, set the `DO_WAIT` environment variable to `true`. Note that `DO_WAIT` is implied if `DO_EXPORT` is set to `true`; see below.

**`DO_EXPORT`** - OPTIONAL
If set to `true`, this action will export scan results to the GitHub Security Code Scanning dashboard. Note that this may require a [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) subscription, unless you're running this action on a public github.com repository.
2 changes: 1 addition & 1 deletion doc-resources/nocomments.env-fod-login-sample.md
@@ -1,2 +1,2 @@
{{include:nocomments.env-fod-connection-sample.md}}
EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s
# EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s
2 changes: 1 addition & 1 deletion doc-resources/nocomments.env-fod-package-sample.md
@@ -1 +1 @@
EXTRA_PACKAGE_OPTS: -oss -bt gradle
# EXTRA_PACKAGE_OPTS: -oss
2 changes: 1 addition & 1 deletion doc-resources/nocomments.env-fod-release-sample.md
@@ -1 +1 @@
FOD_RELEASE: MyApp:MyRelease
# FOD_RELEASE: MyApp:MyRelease
4 changes: 2 additions & 2 deletions doc-resources/nocomments.env-fod-sast-scan-sample.md
@@ -1,5 +1,5 @@
{{include:nocomments.env-fod-login-sample.md}}
{{include:nocomments.env-fod-release-sample.md}}
{{include:nocomments.env-fod-package-sample.md}}
# DO_WAIT: true # Ignored due to DO_EXPORT below
DO_EXPORT: true
# DO_WAIT: true
# DO_EXPORT: true
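Review bot: with `DO_EXPORT: true` commented out, the sample no longer documents the relationship the removed `# Ignored due to DO_EXPORT below` comment carried; a trailing comment such as `# DO_EXPORT: true # implies DO_WAIT` would keep that hint in the sample without re-enabling the export by default.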
2 changes: 1 addition & 1 deletion doc-resources/nocomments.env-package-sample.md
@@ -1 +1 @@
EXTRA_PACKAGE_OPTS: -bt mvn
# EXTRA_PACKAGE_OPTS: -bf custom-pom.xml
2 changes: 1 addition & 1 deletion doc-resources/nocomments.env-sc-sast-login-sample.md
@@ -1,3 +1,3 @@
{{include:nocomments.env-ssc-connection-sample.md}}
SC_SAST_CLIENT_AUTH_TOKEN: ${{secrets.CLIENT_AUTH_TOKEN}}
EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s
# EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s
4 changes: 2 additions & 2 deletions doc-resources/nocomments.env-sc-sast-scan-sample.md
@@ -1,5 +1,5 @@
{{include:nocomments.env-sc-sast-login-sample.md}}
{{include:nocomments.env-ssc-appversion-sample.md}}
{{include:nocomments.env-package-sample.md}}
# DO_WAIT: true # Ignored due to DO_EXPORT below
DO_EXPORT: true
# DO_WAIT: true
# DO_EXPORT: true
2 changes: 1 addition & 1 deletion doc-resources/nocomments.env-ssc-appversion-sample.md
@@ -1 +1 @@
SSC_APPVERSION: MyApp:MyVersion
# SSC_APPVERSION: MyApp:MyVersion
14 changes: 7 additions & 7 deletions fod-export/README.md
Expand Up @@ -18,13 +18,13 @@ This action exports the latest vulnerability data from an FoD release to the Git

<!-- START-INCLUDE:env-fod-connection.md -->

**`FOD_URL`**
Required: Fortify on Demand URL, for example https://ams.fortify.com
**`FOD_URL`** - REQUIRED
(REQUIRED) Fortify on Demand URL, for example https://ams.fortify.com

**`FOD_CLIENT_ID` & `FOD_CLIENT_SECRET`**
**`FOD_CLIENT_ID` & `FOD_CLIENT_SECRET`** - REQUIRED*
Required when authenticating with an API key: FoD Client ID (API key) and Secret (API secret)

**`FOD_TENANT`, `FOD_USER` & `FOD_PASSWORD`**
**`FOD_TENANT`, `FOD_USER` & `FOD_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials: FoD tenant, user and password. It's recommended to use a Personal Access Token instead of an actual user password.

<!-- END-INCLUDE:env-fod-connection.md -->
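Review bot: this block is generated from `doc-resources/env-fod-connection.md` (see the `START-INCLUDE`/`END-INCLUDE` markers), so the redundant `(REQUIRED)` prefix on the `FOD_URL` line is reproduced here; fix it in the source file and regenerate rather than patching the README directly.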
Expand All @@ -33,8 +33,8 @@ Required when authenticating with user credentials: FoD tenant, user and passwor

<!-- START-INCLUDE:env-fod-release.md -->

**`FOD_RELEASE`**
Required: Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `<app>:<release>` (for non-microservices applications) or `<app>:<microservice>:<release>` (for microservices applications).
**`FOD_RELEASE`** - OPTIONAL
Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `<app-name>:<release-name>` (for non-microservices applications) or `<app-name>:<microservice-name>:<release-name>` (for microservices applications). Default value is [`${{ github.action_repository }}:${{ github.action_ref }}`](https://docs.github.com/en/actions/learn-github-actions/contexts#github-context), for example `myOrg/myRepo:myBranch`.

<!-- END-INCLUDE:env-fod-release.md -->

Expand All @@ -52,7 +52,7 @@ The sample workflow below demonstrates how to configure the action for exporting
FOD_TENANT: ${{secrets.FOD_TENANT}}
FOD_USER: ${{secrets.FOD_USER}}
FOD_PASSWORD: ${{secrets.FOD_PAT}}
FOD_RELEASE: MyApp:MyRelease
# FOD_RELEASE: MyApp:MyRelease
```

<!-- END-INCLUDE:action-fod-export.md -->
48 changes: 27 additions & 21 deletions fod-sast-scan/README.md
Expand Up @@ -33,50 +33,56 @@ Before running this action, please ensure that the appropriate release has been

<!-- START-INCLUDE:env-fod-connection.md -->

**`FOD_URL`**
Required: Fortify on Demand URL, for example https://ams.fortify.com
**`FOD_URL`** - REQUIRED
(REQUIRED) Fortify on Demand URL, for example https://ams.fortify.com

**`FOD_CLIENT_ID` & `FOD_CLIENT_SECRET`**
**`FOD_CLIENT_ID` & `FOD_CLIENT_SECRET`** - REQUIRED*
Required when authenticating with an API key: FoD Client ID (API key) and Secret (API secret)

**`FOD_TENANT`, `FOD_USER` & `FOD_PASSWORD`**
**`FOD_TENANT`, `FOD_USER` & `FOD_PASSWORD`** - REQUIRED*
Required when authenticating with user credentials: FoD tenant, user and password. It's recommended to use a Personal Access Token instead of an actual user password.

<!-- END-INCLUDE:env-fod-connection.md -->


**`EXTRA_FOD_LOGIN_OPTS`**
Optional: Extra FoD login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli fod session login` documentation](https://fortify.github.io/fcli/v2.0.0//manpage/fcli-fod-session-login.html)
**`EXTRA_FOD_LOGIN_OPTS`** - OPTIONAL
Extra FoD login options, for example for disabling SSL checks or changing connection time-outs; see [`fcli fod session login` documentation](https://fortify.github.io/fcli/v2.0.0//manpage/fcli-fod-session-login.html)

<!-- END-INCLUDE:env-fod-login.md -->



<!-- START-INCLUDE:env-fod-release.md -->

**`FOD_RELEASE`**
Required: Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `<app>:<release>` (for non-microservices applications) or `<app>:<microservice>:<release>` (for microservices applications).
**`FOD_RELEASE`** - OPTIONAL
Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `<app-name>:<release-name>` (for non-microservices applications) or `<app-name>:<microservice-name>:<release-name>` (for microservices applications). Default value is [`${{ github.action_repository }}:${{ github.action_ref }}`](https://docs.github.com/en/actions/learn-github-actions/contexts#github-context), for example `myOrg/myRepo:myBranch`.

<!-- END-INCLUDE:env-fod-release.md -->



<!-- START-INCLUDE:env-package.md -->

**`EXTRA_PACKAGE_OPTS`**
Optional: By default, this action runs `scancentral package -o package.zip`. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options like `-bt none` to disable automatic build tool detection, or `-oss` to collect additional files for an open-source scan (FoD only).
**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip`. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options like `-oss` to collect additional files for an open-source scan (FoD only).

<!-- END-INCLUDE:env-package.md -->


**`EXTRA_FOD_SAST_SCAN_OPTS`**
Optional: Extra FoD SAST scan options; see [`fcli fod sast-scan start` documentation](https://fortify.github.io/fcli/v2.0.0//manpage/fcli-fod-sast-scan-start.html)
**`EXTRA_FOD_SAST_SCAN_OPTS`** - OPTIONAL
Extra FoD SAST scan options; see [`fcli fod sast-scan start` documentation](https://fortify.github.io/fcli/v2.0.0//manpage/fcli-fod-sast-scan-start.html)

**`DO_WAIT`**
Optional: By default, this action will not wait until the scan has been completed. To have the workflow wait until the scan has been completed, set the `DO_WAIT` environment variable to `true`. Note that `DO_WAIT` is implied if `DO_EXPORT` is set to `true`; see below.

**`DO_EXPORT`**
Optional: If set to `true`, this action will export scan results to the GitHub Security Code Scanning dashboard.
<!-- START-INCLUDE:env-wait-export.md -->

**`DO_WAIT`** - OPTIONAL
By default, this action will not wait until the scan has been completed. To have the workflow wait until the scan has been completed, set the `DO_WAIT` environment variable to `true`. Note that `DO_WAIT` is implied if `DO_EXPORT` is set to `true`; see below.

**`DO_EXPORT`** - OPTIONAL
If set to `true`, this action will export scan results to the GitHub Security Code Scanning dashboard. Note that this may require a [GitHub Advanced Security](https://docs.github.com/en/get-started/learning-about-github/about-github-advanced-security) subscription, unless you're running this action on a public github.com repository.

<!-- END-INCLUDE:env-wait-export.md -->


<!-- END-INCLUDE:env-fod-sast-scan.md -->

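Review bot: the rendered fcli documentation links in this hunk contain a double slash, `https://fortify.github.io/fcli/v2.0.0//manpage/...` (both the `EXTRA_FOD_LOGIN_OPTS` and `EXTRA_FOD_SAST_SCAN_OPTS` lines), because `{{var:fcli-doc-base-url}}` already ends in `/` while the templates also prefix `/manpage`; strip the trailing slash from the variable or from the templates so the generated links are canonical.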
Expand All @@ -96,11 +102,11 @@ The sample workflow below demonstrates how to configure the action for running a
FOD_TENANT: ${{secrets.FOD_TENANT}}
FOD_USER: ${{secrets.FOD_USER}}
FOD_PASSWORD: ${{secrets.FOD_PAT}}
EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s
FOD_RELEASE: MyApp:MyRelease
EXTRA_PACKAGE_OPTS: -oss -bt gradle
# DO_WAIT: true # Ignored due to DO_EXPORT below
DO_EXPORT: true
# EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s
# FOD_RELEASE: MyApp:MyRelease
# EXTRA_PACKAGE_OPTS: -oss
# DO_WAIT: true
# DO_EXPORT: true
```

<!-- END-INCLUDE:action-fod-sast-scan.md -->
20 changes: 20 additions & 0 deletions internal/set-ssc-var-defaults/action.yml
@@ -0,0 +1,20 @@
name: 'Set default values'
description: 'Set default values for SSC environment variables like SSC_APPVERSION'
author: 'Fortify'
runs:
using: composite
steps:
- if: ${{ !env.SSC_APPVERSION }}
run: |
export SSC_APPVERSION="${APP}:${V}"
echo SSC_APPVERSION=$SSC_APPVERSION >> $GITHUB_ENV
echo "Configured default value for SSC_APPVERSION: ${SSC_APPVERSION}"
shell: bash
env:
APP: ${{ github.action_repository }}
V: ${{ github.action_ref }}

branding:
icon: 'shield'
color: 'blue'

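Review bot: `echo SSC_APPVERSION=$SSC_APPVERSION >> $GITHUB_ENV` leaves both expansions unquoted; write `echo "SSC_APPVERSION=${SSC_APPVERSION}" >> "$GITHUB_ENV"` so a ref containing whitespace or glob characters is neither word-split nor mangled, and drop the `export` on the preceding line, since the value is only consumed through `$GITHUB_ENV`. Passing `github.action_repository` and `github.action_ref` through `env:` instead of interpolating them into the script body is the right choice, as it keeps untrusted ref text out of the shell syntax. A more descriptive name than `V` (for example `REF`) would make the step easier to read, and the file ends with two blank lines.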
6 changes: 3 additions & 3 deletions package/README.md
Expand Up @@ -18,8 +18,8 @@ This action packages application source code using [ScanCentral Client](https://

<!-- START-INCLUDE:env-package.md -->

**`EXTRA_PACKAGE_OPTS`**
Optional: By default, this action runs `scancentral package -o package.zip`. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options like `-bt none` to disable automatic build tool detection, or `-oss` to collect additional files for an open-source scan (FoD only).
**`EXTRA_PACKAGE_OPTS`** - OPTIONAL
By default, this action runs `scancentral package -o package.zip`. The `EXTRA_PACKAGE_OPTS` environment variable can be used to specify additional packaging options like `-oss` to collect additional files for an open-source scan (FoD only).

<!-- END-INCLUDE:env-package.md -->

Expand All @@ -35,7 +35,7 @@ The sample workflow below demonstrates how to configure the action for running a
- name: Package source code
uses: fortify/github-action/package@v1
env:
EXTRA_PACKAGE_OPTS: -bt mvn
# EXTRA_PACKAGE_OPTS: -bf custom-pom.xml
```

<!-- END-INCLUDE:action-package.md -->
0 comments on commit ed0cddd
