
Commit 7ea22ce

authored
Merge pull request #55 from fortify/azure-pipelines-ssc-update
Update SSC pipeline to use "fcli action run ci"
2 parents 81111d3 + 5e45bb8 commit 7ea22ce

1 file changed

Lines changed: 53 additions & 36 deletions


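--- a/<path not shown>
+++ b/<path not shown>
@@ -1,11 +1,16 @@
 # Integrate Fortify ScanCentral Static AppSec Testing (SAST) into your Azure DevOps pipeline
-# The following pipeline variables must be defined before using SAST stage
-# - $_FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN
-# - $_FCLI_DEFAULT_SSC_USER
-# - $_FCLI_DEFAULT_SSC_PASSWORD
-# - $_FCLI_DEFAULT_SSC_CI_TOKEN
-# - $_FCLI_DEFAULT_SSC_URL
-# - $_SSC_APP_VERSION_ID
+# The following pipeline variables must be defined before using SAST stage:
+# - $SSC_URL
+# - $SSC_TOKEN
+# - $SC_SAST_TOKEN
+# The following pipeline variables are optional and can be defined to enable additional features:
+# - $SSC_APPVERSION
+# - $AVIATOR_URL
+# - $AVIATOR_TOKEN
+# - $AVIATOR_APP
+# - $DEBRICKED_ACCESS_TOKEN
+# For more information on using Fortify ScanCentral SAST in Azure DevOps, see the documentation:
+# https://fortify.github.io/fcli/v3/ci/ado/script/ast-workflow-ssc.html
 
 trigger:
 - none
@@ -33,33 +38,45 @@ stages:
 - Build
 pool:
 vmImage: 'ubuntu-latest'
-container:
-image: fortifydocker/fortify-ci-tools:5.4.1-jdk-17
-options: "--add-host=<<SSC_FQDN_NAME>>:x.x.x.x"
-env:
-FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN: $(_FCLI_DEFAULT_SC_SAST_CLIENT_AUTH_TOKEN)
-FCLI_DEFAULT_SSC_USER: $(_FCLI_DEFAULT_SSC_USER)
-FCLI_DEFAULT_SSC_PASSWORD: $(_FCLI_DEFAULT_SSC_PASSWORD)
-FCLI_DEFAULT_SSC_CI_TOKEN: $(_FCLI_DEFAULT_SSC_CI_TOKEN)
-FCLI_DEFAULT_SSC_URL: $(_FCLI_DEFAULT_SSC_URL)
-SSC_APP_VERSION_ID: $(_SSC_APP_VERSION_ID)
-SC_SAST_SENSOR_VERSION: 24.2
 steps:
-- script: |
-echo Setting connection with Fortify Platform
-echo $FORTIFY_SSC_IP fortify.cyberxdemo.com >> /etc/hosts
-#Use --insecure switch if the SSL certificate is self generated.
-fcli ssc session login
-fcli sc-sast session login
-
-scancentral package -bt mvn -o package.zip
-fcli sc-sast scan start --publish-to=$SSC_APP_VERSION_ID --sensor-version=$SC_SAST_SENSOR_VERSION --package-file=package.zip --store=Id
-
-fcli sc-sast scan wait-for ::Id:: --interval=30s
-fcli ssc issue count --appversion=$SSC_APP_VERSION_ID
-
-echo Terminating connection with Fortify Platform
-fcli sc-sast session logout
-fcli ssc session logout
-displayName: Scan Central Scan
-continueOnError: false
+- checkout: self
+persistCredentials: "true"
+clean: "true"
+- task: Bash@3
+displayName: 'Install Fortify CLI via @fortify/setup'
+inputs:
+targetType: 'inline'
+script: |
+npx @fortify/setup@v2 env init --tools=fcli:bootstrapped
+npx @fortify/setup@v2 env ado
+- task: Bash@3
+displayName: 'Run ScanCentral SAST CI Scan'
+inputs:
+targetType: 'inline'
+script: |
+set -euo pipefail
+fcli action run ci
+env:
+SSC_URL: $(SSC_URL)
+SSC_TOKEN: $(SSC_TOKEN)
+SC_SAST_TOKEN: $(SC_SAST_TOKEN)
+# Uncomment to enable Aviatior AI audit and remediation
+#AVIATOR_URL: $(AVIATOR_URL)
+#AVIATOR_TOKEN: $(AVIATOR_TOKEN)
+#AVIATOR_APP: $(AVIATOR_APP)
+# Uncomment to enable Debricked SCA scan
+#DEBRICKED_ACCESS_TOKEN: $(DEBRICKED_ACCESS_TOKEN)
+# SSC_APPVERSION is optional, defaults to <org>/<repo>:<branch>
+#SSC_APPVERSION: "$(SSC_APPVERSION)"
+DO_SETUP: true
+DO_SAST_SCAN: true
+#SAST_WAIT_EXTRA_OPTS: --timeout 2h
+#DO_DEBRICKED_SCAN: true
+#DO_AVIATOR_AUDIT: true
+DO_WAIT: true
+DO_APPVERSION_SUMMARY: true
+DO_POLICY_CHECK: true
+DO_JOB_SUMMARY: true
+DO_PR_COMMENT: true
+DO_EXPORT: true
+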
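Review bot: The install step runs `npx @fortify/setup@v2 env init --tools=fcli:bootstrapped` against a floating major tag, so every pipeline run downloads and executes whatever the current `v2` release of that npm package is, and that package in turn fetches the fcli binary; nothing in the hunk pins a version or checks what was fetched. Pin `@fortify/setup` to an exact published version and bump it deliberately, so the scanner tooling is reproducible and a compromised or mis-published release cannot enter every build unnoticed. The checkout step also sets `persistCredentials: "true"`, which leaves the pipeline's repository access token in `.git/config` for every later step, including the one executing the npm-fetched code; if `fcli action run ci` does not actually need git credentials here (it may for `DO_PR_COMMENT`/`DO_EXPORT` — verify against the linked docs), drop that setting. The new header comment should also state that `SSC_TOKEN` and `SC_SAST_TOKEN` must be defined as secret pipeline variables (or come from a variable group/Key Vault), since only secret-marked values are masked in logs and kept out of the default environment, e.g. `# - $SSC_TOKEN (define as a secret variable)`. Minor: the comment on the Aviator block misspells it as `Aviatior`.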
