Merge pull request #57 from fortify/fortify-action-update

Fortify action update to v3

Author: rsenden

.github/workflows/fortify.yml

@@ -32,7 +32,7 @@ jobs:
     steps:
       # Check out source code
       - name: Check Out Source Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       # Java is required to run the various Fortify utilities. Ensuring proper version is installed on the runner.
       - name: Setup Java
@@ -42,19 +42,13 @@ jobs:
           distribution: 'temurin'
 
       # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
-      - name: Run FoD SAST Scan
-        uses: fortify/github-action@v2
-        with:
-          sast-scan: true
-          debricked-sca-scan: true
+      - name: Run FoD SAST+SCA Scan
+        uses: fortify/github-action@v3
         env:
           FOD_URL: https://ams.fortify.com
           FOD_TENANT: ${{secrets.FOD_TENANT}}
           FOD_USER: ${{secrets.FOD_USER}}
           FOD_PASSWORD: ${{secrets.FOD_PAT}}
-          DO_EXPORT: true
-          DO_SETUP: true
-          SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
-          DO_JOB_SUMMARY: true
-          DO_PR_COMMENT: true
-          #DO_POLICY_CHECK: true
+          DO_SCA_SCAN: true
+          DO_AVIATOR_AUDIT: true
+          COPY_FROM_RELEASE: "${{ github.repository }}:${{ github.event.repository.default_branch }}"