Update fortify.yml

fortify · Nov 29, 2023 · eee1217 · eee1217
1 parent 9dc9c15
commit eee1217
Showing 1 changed file with 20 additions and 15 deletions.
diff --git a/code-scanning/fortify.yml b/code-scanning/fortify.yml
@@ -47,30 +47,35 @@ jobs:
           java-version: 17
           distribution: 'temurin'
 
-      # Perform SAST and optionally SCA scan via Fortify on Demand/Fortify Hosted/Software Security Center, then import SAST results into GitHub code scanning alerts
+      # Perform SAST and optionally SCA scan via Fortify on Demand/Fortify Hosted/Software Security Center, then
+      # optionally export SAST results to the GitHub code scanning dashboard. In case further customization is
+      # required, you can use sub-actions like fortify/github-action/setup@v1 to set up the various Fortify tools 
+      # and run them directly from within your pipeline; see https://github.com/fortify/github-action#readme for
+      # details.
       - name: Run FoD SAST Scan
         uses: fortify/github-action@v1
         with:
           sast-scan: true
         env:
-          # Required configuration when integrating with Fortify on Demand
+          ### Required configuration when integrating with Fortify on Demand
           FOD_URL: https://ams.fortify.com
           FOD_TENANT: ${{secrets.FOD_TENANT}}
           FOD_USER: ${{secrets.FOD_USER}}
           FOD_PASSWORD: ${{secrets.FOD_PAT}}
-          # Optional configuration when integrating with Fortify on Demand
-          # EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s
-          # FOD_RELEASE: MyApp:MyRelease
-          EXTRA_PACKAGE_OPTS: -oss
-          # DO_WAIT: true
-          DO_EXPORT: true
-          # Required configuration when integrating with Fortify SSC (including Fortify Hosted)
+          ### Optional configuration when integrating with Fortify on Demand
+          # EXTRA_PACKAGE_OPTS: -oss                       # Extra 'scancentral package' options, like '-oss'' if 
+                                                           # Debricked SCA scan is enabled on Fortify on Demand
+          # EXTRA_FOD_LOGIN_OPTS: --socket-timeout=60s     # Extra 'fcli fod session login' options
+          # FOD_RELEASE: MyApp:MyRelease                   # FoD release, defaults to GitHub <org>/<repo>:<branch>
+          # DO_WAIT: true                                  # Wait for scan completion, implied if 'DO_EXPORT: true'
+          # DO_EXPORT: true                                # Export SAST results to GitHub code scanning dashboard
+          ### Required configuration when integrating with Fortify Hosted / Software Security Center & ScanCentral
           # SSC_URL: ${{secrets.SSC_URL}}
           # SSC_TOKEN: ${{secrets.SSC_TOKEN}}
           # SC_SAST_CLIENT_AUTH_TOKEN: ${{secrets.CLIENT_AUTH_TOKEN}}
-          # Optional configuration when integrating with Fortify SSC (including Fortify Hosted)
-          # EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s
-          # SSC_APPVERSION: MyApp:MyVersion
-          # EXTRA_PACKAGE_OPTS: -oss
-          # DO_WAIT: true
-          # DO_EXPORT: true
+          ### Optional configuration when integrating with Fortify Hosted / Software Security Center & ScanCentral
+          # EXTRA_SC_SAST_LOGIN_OPTS: --socket-timeout=60s # Extra 'fcli sc-sast session login' options
+          # SSC_APPVERSION: MyApp:MyVersion                # SSC application version, defaults to GitHub <org>/<repo>:<branch>
+          # EXTRA_PACKAGE_OPTS: -bv myCustomPom.xml        # Extra 'scancentral package' options
+          # DO_WAIT: true                                  # Wait for scan completion, implied if 'DO_EXPORT: true'
+          # DO_EXPORT: true                                # Export SAST results to GitHub code scanning dashboard