Skip to content
.github/workflows/main.yml

Update main.yml #116

Sign in to view logs

Update main.yml

Update main.yml #116

Workflow file for this run

.github/workflows/main.yml at f381b03
on: [pull_request]
permissions:
contents: read
checks: write
actions: write
statuses: write
jobs:
Fortify-Mobb-example:
runs-on: ubuntu-latest
name: Run scan with Fortify and get automated fixes with Mobb
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y sed
shell: bash -l {0}
- name: Checkout repo to get code
uses: actions/checkout@v3
- name: Setup Node on this machine
uses: actions/setup-node@v3.6.0
with:
node-version: 18
- uses: actions/setup-dotnet@v3
with:
dotnet-version: "7.0.100"
- name: Setup Java on this machine
uses: actions/setup-java@v3
with:
distribution: "oracle"
java-version: "19"
- name: Download Fortify uploader CLI
run: |
wget https://github.com/fod-dev/fod-uploader-java/releases/download/v5.4.0/FodUpload.jar -O /opt/FodUpload.jar
shell: bash -l {0}
- name: Run Fortify SAST scan
run: |
dotnet build
zip -r fortify_package.zip *
UPLOAD_OUTPUT=$(java -jar /opt/FodUpload.jar \
-z fortify_package.zip \
-ep SingleScanOnly \
-portalurl https://ams.fortify.com/ \
-apiurl https://api.ams.fortify.com/ \
-userCredentials ${{ secrets.FORTIFY_USER }} ${{ secrets.FORTIFY_TOKEN }} \
-tenantCode ${{ secrets.FORTIFY_TENANT }} \
-releaseId ${{ secrets.FORTIFY_RELEASE_ID }} \
-pp Queue)
SCAN_ID=$(echo "$UPLOAD_OUTPUT" | sed -n 's/Scan \([0-9]*\).*$/\1/p')
FORTIFY_USER=${{ secrets.FORTIFY_USER }} FORTIFY_TOKEN=${{ secrets.FORTIFY_TOKEN }} FORTIFY_TENANT=${{ secrets.FORTIFY_TENANT }} node .github/scripts/fortify-wait-fpr.js "$SCAN_ID"
shell: bash -l {0}
- name: Run Mobb on the findings and get fixes
uses: mobb-dev/action@v1
with:
report-file: "scandata.fpr"
api-key: ${{ secrets.MOBB_API_TOKEN }}
github-token: ${{ secrets.GITHUB_TOKEN }}