#
# Runs an OpenText SAST (Fortify) scan using Scan Central, using fortify/github-action@v3.
#
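name: OpenText SAST

# Triggers: manual dispatch and every pull request.
# Secrets are not passed to runs triggered by pull requests from forks, so
# SSC_TOKEN and SC_SAST_TOKEN are empty there and the scan step cannot
# authenticate. Keep the `pull_request` trigger: moving to a trigger that
# exposes secrets to untrusted PR code would hand those tokens to the PR.
on:
  workflow_dispatch:
  pull_request:

# Least privilege for the automatic GITHUB_TOKEN: the job only needs to read
# the repository. Widen this only if a feature that writes back to GitHub is
# enabled later.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions below are referenced by mutable tag.
      # Pinning each `uses:` to a full commit SHA (with the tag as a trailing
      # comment) keeps a retagged release from changing what runs next to the
      # Fortify tokens.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Do not leave the GITHUB_TOKEN in .git/config; the workspace is
          # packaged and sent to an external scan service in a later step.
          persist-credentials: false

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: 'maven'

      - name: Run ScanCentral SAST
        uses: fortify/github-action@v3
        env:
          # Non-sensitive settings come from repository/organization variables.
          FCLI_BOOTSTRAP_VERSION: ${{vars.FCLI_VERSION}}
          SSC_URL: ${{vars.SSC_URL}}
          SC_CLIENT_VERSION: ${{vars.SC_CLIENT_VERSION}}
          # Credentials come from secrets and are visible to this step only.
          SSC_TOKEN: ${{secrets.SSC_TOKEN}}
          SC_SAST_TOKEN: ${{secrets.SC_SAST_CLIENT_AUTH_TOKEN}}
          # On pull_request runs github.ref_name is "<pr_number>/merge", so
          # each PR targets its own application version name.
          # NOTE(review): with DO_SETUP enabled this presumably creates that
          # version when it is missing; confirm and plan cleanup of stale ones.
          SSC_APPVERSION: "${{vars.APPLICATION_NAME}}:${{github.ref_name}}"
          DO_SETUP: true
          SETUP_EXTRA_OPTS: '--issue-template "Prioritized High Risk Issue Template"'
          DO_WAIT: true
          DO_JOB_SUMMARY: true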