From 44f1f5c6b0b22248f9e514c54bdf8d737c508266 Mon Sep 17 00:00:00 2001
From: Dylan
Date: Tue, 7 Nov 2023 10:47:47 -0500
Subject: [PATCH 1/3] Create fortify.yml
---
 .github/workflows/fortify.yml | 55 +++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 .github/workflows/fortify.yml
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
new file mode 100644
index 0000000..02cfe21
--- /dev/null
+++ b/.github/workflows/fortify.yml
@@ -0,0 +1,55 @@
+################################################################################################################################################
+# Fortify lets you build secure software fast with an appsec platform that automates testing throughout the DevSecOps pipeline. Fortify static,#
+# dynamic, interactive, and runtime security testing is available on premises or as a service. To learn more about Fortify, start a free trial #
+# or contact our sales team, visit microfocus.com/appsecurity. #
+# #
+# Use this workflow template as a basis for integrating Fortify on Demand Static Application Security Testing(SAST) into your GitHub workflows.#
+# This template demonstrates the steps to prepare the code+dependencies, initiate a scan, download results once complete and import into #
+# GitHub Security Code Scanning Alerts. Existing customers should review inputs and environment variables below to configure scanning against #
+# an existing application in your Fortify on Demand tenant. Additional information is available in the comments throughout the workflow, the #
+# documentation for the Fortify actions used, and the Fortify on Demand / ScanCentral Client product documentation. If you need additional #
+# assistance with configuration, feel free to create a help ticket in the Fortify on Demand portal. #
+################################################################################################################################################
+
+name: Fortify AST Scan
+
+on:
+ workflow_dispatch:
+ pull_request:
+ branches: [ "master" ]
+ push:
+ branches: [ "master" ]
+
+jobs:
+ Fortify-AST-Scan:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ # Check out source code
+ - name: Check Out Source Code
+ uses: actions/checkout@v3
+
+ # Java is required to run the various Fortify utilities. Ensuring proper version is installed on the runner.
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ java-version: 11
+ distribution: 'temurin'
+
+ # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
+ - name: Run FoD SAST Scan
+ uses: fortify/github-action@v1
+ with:
+ sast-scan: true
+ env:
+ FOD_URL: https://ams.fortify.com
+ FOD_TENANT: ${{secrets.FOD_TENANT}}
+ FOD_USER: ${{secrets.FOD_USER}}
+ FOD_PASSWORD: ${{secrets.FOD_PAT}}
+ #FOD_RELEASE: MyApp:MyRelease
+ EXTRA_PACKAGE_OPTS: -oss
+ DO_EXPORT: true
From 3db27f008f095ef39b49cd3d01e56ce2a5865977 Mon Sep 17 00:00:00 2001
From: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Date: Tue, 14 Nov 2023 13:56:10 +0100
Subject: [PATCH 2/3] chore: Test updated action defaults
---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 02cfe21..a7aa4e4 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -42,7 +42,7 @@ jobs:
 # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
 - name: Run FoD SAST Scan
- uses: fortify/github-action@v1
+ uses: fortify/github-action@main
 with:
 sast-scan: true
 env:
From a543e831b78434a95f62d338bc1ae90c7a642cbc Mon Sep 17 00:00:00 2001
From: Ruud Senden <8635138+rsenden@users.noreply.github.com>
Date: Tue, 14 Nov 2023 14:08:29 +0100
Subject: [PATCH 3/3] Revert "chore: Test updated action defaults"
This reverts commit 3db27f008f095ef39b49cd3d01e56ce2a5865977.
---
 .github/workflows/fortify.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index a7aa4e4..02cfe21 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
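Review bot: Every third-party action in the new workflow is referenced by a mutable tag (`actions/checkout@v3`, `actions/setup-java@v3`, `fortify/github-action@v1`), while the job holds `security-events: write` and hands the Fortify on Demand tenant credentials to the last step through `FOD_TENANT`, `FOD_USER` and `FOD_PASSWORD`; a tag can be repointed to different code, so each `uses:` should be pinned to a full-length commit SHA with the tag kept as a trailing comment, e.g. `uses: fortify/github-action@<full-commit-sha>  # v1`, and the pins kept current by Dependabot. The `pull_request` trigger will presumably also fire for pull requests opened from forks, where GitHub does not expose repository secrets to the job, so those runs would likely reach the scan step with empty credentials; a comment above `pull_request:` stating whether fork PRs are meant to be scanned would make that explicit. `FOD_PASSWORD` is populated from a secret named `FOD_PAT`, so a comment such as `# value is a Fortify on Demand personal access token, not the account password` would document the intended value. As a point of style, `java-version: 11` is better written as the quoted string `'11'` so the value is not parsed as an integer.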
@@ -42,7 +42,7 @@ jobs:
 # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
 - name: Run FoD SAST Scan
- uses: fortify/github-action@main
+ uses: fortify/github-action@v1
 with:
 sast-scan: true
 env: