diff --git a/README.md b/README.md index d53cff1..72a70cd 100644 --- a/README.md +++ b/README.md @@ -67,6 +67,7 @@ The standard workflow provided by this GitHub Action allows for running a Static # SETUP_ACTION: https://scm.my.org/shared-repos/fcli-actions/setup.yaml # SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}" # SC_CLIENT_VERSION: 24.2 + # DO_PACKAGE_DEBUG: true # PACKAGE_EXTRA_OPTS: -oss -bt mvn # FOD_SAST_SCAN_EXTRA_OPTS: # DO_WAIT: true @@ -107,6 +108,7 @@ This section lists the environment variables that can be specified in the `env:` | FOD_RELEASE | Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `:` (for non-microservices applications) or `::` (for microservices applications). Default value is based on repository and branch name, for example `myOrg/myRepo:myBranch`. Note that you'll need to explicitly configure `FOD_RELEASE` for microservices applications, as the default value lacks a microservice name. | |DO_SETUP
SETUP_ACTION
SETUP_EXTRA_OPTS|If `DO_SETUP` is set to `true` (implied if any of the other two `SETUP_*` variables are set), the application and/or release will be automatically created if they do not yet exist and static scan settings will be configured if not configured already, using the fcli-provided [`setup-release`](https://fortify.github.io/fcli/v2.11.1/fod-actions.html#_setup_release) or, if specified, the custom fcli action specified through `SETUP_ACTION`. Extra options for the fcli action can be passed through the `SETUP_EXTRA_OPTS` environment variable. Depending on your Git workflow, it is recommended to have each newly created release copy state from the release representing your default branch by passing `--copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"` through `SETUP_EXTRA_OPTS`. To allow the GitHub Action to create new applications, you must (also) provide the `--app-owner ` option through `SETUP_EXTRA_OPTS` if authenticating with client credentials. Note that if setup is enabled, `FOD_RELEASE` must be configured with a qualified release name; you cannot use release id. Please see the [Fcli Actions](#fortify-on-demand-fcli-actions) section below for more details.| | SC_CLIENT_VERSION | By default, this action uses ScanCentral Client 24.4.0 for packaging. This environment variable allows for overriding the ScanCentral Client version used for packaging. | +|DO_PACKAGE_DEBUG| If set to true, this will enable the `-debug` option on the `scancentral` command, and store both ScanCentral logs and the `package.zip` file as job artifacts.| |PACKAGE_EXTRA_OPTS
EXTRA_PACKAGE_OPTS| By default, this action runs `scancentral package -o package.zip` to package application source code. Use `PACKAGE_EXTRA_OPTS` to specify additional packaging options, for example `PACKAGE_EXTRA_OPTS: -bt mvn -bf `. See [Command-line options for the package command](https://www.microfocus.com/documentation/fortify-software-security-center/2440/SC_SAST_Help_24.4.0/index.htm#cli/package-cmd.htm) for more information on available options. Note that `EXTRA_PACKAGE_OPTS` is deprecated; please use `PACKAGE_EXTRA_OPTS`.| |FOD_SAST_SCAN_EXTRA_OPTS
EXTRA_FOD_SAST_SCAN_OPTS|Extra SAST scan options; see [`fcli fod sast-scan start` documentation](https://fortify.github.io/fcli/v2.11.1//manpage/fcli-fod-sast-scan-start.html). Note that `EXTRA_FOD_SAST_SCAN_OPTS` is deprecated; please use `FOD_SAST_SCAN_EXTRA_OPTS`.| | DO_WAIT | By default, this action will not wait until scans have been completed. To have the workflow wait until all scans have been completed, set the `DO_WAIT` environment variable to `true`. Note that some other environment variables imply `DO_WAIT`, for example when exporting vulnerability data or generating job summaries. This behavior is documented in the applicable environment variable descriptions. | @@ -199,6 +201,7 @@ The standard workflow provided by this GitHub Action allows for running a static # SETUP_ACTION: https://scm.my.org/shared-repos/fcli-actions/setup.yaml # SETUP_EXTRA_OPTS: --on-unsigned=ignore # SC_CLIENT_VERSION: 24.2 + # DO_PACKAGE_DEBUG: true # PACKAGE_EXTRA_OPTS: -oss -bt mvn SC_SAST_SENSOR_VERSION: 24.4.0 # EXTRA_SC_SAST_SCAN_OPTS: @@ -243,6 +246,7 @@ This section lists the environment variables that can be specified in the `env:` |SSC_APPVERSION|Fortify SSC application version to use with this action. This can be specified either as a numeric application version id, or by providing application and version name in the format `:`. Default value is based on repository and branch name, for example `myOrg/myRepo:myBranch`.| |DO_SETUP
SETUP_ACTION
SETUP_EXTRA_OPTS|If `DO_SETUP` is set to `true` (implied if any of the other two `SETUP_*` variables are set), the SSC application version will be automatically created if they do not yet exist, using the fcli-provided [`setup-appversion`](https://fortify.github.io/fcli/v2.11.1/ssc-actions.html#_setup_appversion) or, if specified, the custom fcli action specified through `SETUP_ACTION`. Extra options for the fcli action can be passed through the `SETUP_EXTRA_OPTS` environment variable, for example to copy state from an existing application version using the `--copy-from` option, or to allow an unsigned custom action to be used. Note that if setup is enabled, `SSC_APPVERSION` must be configured with a qualified application version name; you cannot use application version id. Please see the [SSC Fcli Actions](#ssc-fcli-actions) section below for more details.| | SC_CLIENT_VERSION | By default, this action uses ScanCentral Client 24.4.0 for packaging. This environment variable allows for overriding the ScanCentral Client version used for packaging. | +|DO_PACKAGE_DEBUG| If set to true, this will enable the `-debug` option on the `scancentral` command, and store both ScanCentral logs and the `package.zip` file as job artifacts.| |PACKAGE_EXTRA_OPTS
EXTRA_PACKAGE_OPTS| By default, this action runs `scancentral package -o package.zip` to package application source code. Use `PACKAGE_EXTRA_OPTS` to specify additional packaging options, for example `PACKAGE_EXTRA_OPTS: -bt mvn -bf `. See [Command-line options for the package command](https://www.microfocus.com/documentation/fortify-software-security-center/2440/SC_SAST_Help_24.4.0/index.htm#cli/package-cmd.htm) for more information on available options. Note that `EXTRA_PACKAGE_OPTS` is deprecated; please use `PACKAGE_EXTRA_OPTS`.| |**SC_SAST_SENSOR_VERSION**|Version of the ScanCentral SAST sensor on which the scan should be performed; see [`fcli sc-sast scan start` documentation](https://fortify.github.io/fcli/v2.11.1//manpage/fcli-sc-sast-scan-start.html) for details.| |SC_SAST_SCAN_EXTRA_OPTS
EXTRA_SC_SAST_SCAN_OPTS|Extra ScanCentral SAST scan options; see [`fcli sc-sast scan start` documentation](https://fortify.github.io/fcli/v2.11.1//manpage/fcli-sc-sast-scan-start.html). Note that `EXTRA_SC_SAST_SCAN_OPTS` is deprecated; please use `SC_SAST_SCAN_EXTRA_OPTS`.| diff --git a/action.yml b/action.yml index f99c9db..3b2ff80 100644 --- a/action.yml +++ b/action.yml @@ -13,15 +13,15 @@ inputs: runs: using: composite steps: - - uses: fortify/github-action/fod-sast-scan@main + - uses: fortify/github-action/fod-sast-scan@feat-package-debug if: inputs['sast-scan']=='true' && env.FOD_URL env: DO_DEBRICKED_SCAN: ${{ inputs['debricked-sca-scan'] }} - - uses: fortify/github-action/sc-sast-scan@main + - uses: fortify/github-action/sc-sast-scan@feat-package-debug if: inputs['sast-scan']=='true' && env.SSC_URL env: DO_DEBRICKED_SCAN: ${{ inputs['debricked-sca-scan'] }} - - uses: fortify/github-action/ssc-debricked-scan@main + - uses: fortify/github-action/ssc-debricked-scan@feat-package-debug if: inputs['sast-scan']=='false' && inputs['debricked-sca-scan']=='true' && env.SSC_URL branding: diff --git a/doc-resources/action/package/nocomments.env-package-extra-opts.md b/doc-resources/action/package/nocomments.env-package-extra-opts.md index 04473a2..8207752 100644 --- a/doc-resources/action/package/nocomments.env-package-extra-opts.md +++ b/doc-resources/action/package/nocomments.env-package-extra-opts.md @@ -1 +1,2 @@ +|DO_PACKAGE_DEBUG| If set to true, this will enable the `-debug` option on the `scancentral` command, and store both ScanCentral logs and the `package.zip` file as job artifacts.| |PACKAGE_EXTRA_OPTS
EXTRA_PACKAGE_OPTS| By default, this action runs `scancentral package -o package.zip` to package application source code. Use `PACKAGE_EXTRA_OPTS` to specify additional packaging options, for example `PACKAGE_EXTRA_OPTS: -bt mvn -bf `. See [Command-line options for the package command]({{var:sc-client-doc-base-url}}#cli/package-cmd.htm) for more information on available options. Note that `EXTRA_PACKAGE_OPTS` is deprecated; please use `PACKAGE_EXTRA_OPTS`.| \ No newline at end of file diff --git a/doc-resources/action/package/nocomments.snippet-package-extra-opts.md b/doc-resources/action/package/nocomments.snippet-package-extra-opts.md index 8050831..5f7a778 100644 --- a/doc-resources/action/package/nocomments.snippet-package-extra-opts.md +++ b/doc-resources/action/package/nocomments.snippet-package-extra-opts.md @@ -1 +1,2 @@ + # DO_PACKAGE_DEBUG: true # PACKAGE_EXTRA_OPTS: -oss -bt mvn \ No newline at end of file diff --git a/fod-export/action.yml b/fod-export/action.yml index 53ab728..99ef98c 100644 --- a/fod-export/action.yml +++ b/fod-export/action.yml @@ -4,13 +4,13 @@ author: 'Fortify' runs: using: composite steps: - - uses: fortify/github-action/internal/set-fod-var-defaults@main - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/internal/set-fod-var-defaults@feat-package-debug + - uses: fortify/github-action/setup@feat-package-debug with: export-path: false fcli: action-default - - uses: fortify/github-action/internal/fod-login@main - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/fod-login@feat-package-debug + - uses: fortify/github-action/internal/run-script@feat-package-debug with: script: export.sh env: diff --git a/fod-sast-scan/README.md b/fod-sast-scan/README.md index 054b1d9..b8ec9c5 100644 --- a/fod-sast-scan/README.md +++ b/fod-sast-scan/README.md 
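Review bot: The new `DO_PACKAGE_DEBUG` row in the `doc-resources/action/package/nocomments.env-package-extra-opts.md` hunk (and its copies in the README.md hunks above) should tell users what they are exposing: `package.zip` is the complete application source prepared for the scan, and the `-debug` logs record the build-tool invocations, so both become downloadable by anyone who can read the workflow run's artifacts for as long as the repository's artifact retention keeps them. Suggest appending a sentence such as "Only enable this while troubleshooting packaging issues; the uploaded artifacts contain the packaged source code and detailed logs." and, for consistency with the neighbouring rows, quoting the value as `true` rather than bare true. If the README.md copies are generated from the doc-resources template, only the template row needs the change.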
@@ -65,6 +65,7 @@ The sample workflow below demonstrates how to configure the action for running a # SETUP_ACTION: https://scm.my.org/shared-repos/fcli-actions/setup.yaml # SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}" # SC_CLIENT_VERSION: 24.2 + # DO_PACKAGE_DEBUG: true # PACKAGE_EXTRA_OPTS: -oss -bt mvn # FOD_SAST_SCAN_EXTRA_OPTS: # DO_DEBRICKED_SCAN: true @@ -98,6 +99,7 @@ This section lists the environment variables that can be specified in the `env:` | FOD_RELEASE | Fortify on Demand release to use with this action. This can be specified either as a numeric release id, `:` (for non-microservices applications) or `::` (for microservices applications). Default value is based on repository and branch name, for example `myOrg/myRepo:myBranch`. Note that you'll need to explicitly configure `FOD_RELEASE` for microservices applications, as the default value lacks a microservice name. | |DO_SETUP
SETUP_ACTION
SETUP_EXTRA_OPTS|If `DO_SETUP` is set to `true` (implied if any of the other two `SETUP_*` variables are set), the application and/or release will be automatically created if they do not yet exist and static scan settings will be configured if not configured already, using the fcli-provided [`setup-release`](https://fortify.github.io/fcli/v2.11.1/fod-actions.html#_setup_release) or, if specified, the custom fcli action specified through `SETUP_ACTION`. Extra options for the fcli action can be passed through the `SETUP_EXTRA_OPTS` environment variable. Depending on your Git workflow, it is recommended to have each newly created release copy state from the release representing your default branch by passing `--copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"` through `SETUP_EXTRA_OPTS`. To allow the GitHub Action to create new applications, you must (also) provide the `--app-owner ` option through `SETUP_EXTRA_OPTS` if authenticating with client credentials. Note that if setup is enabled, `FOD_RELEASE` must be configured with a qualified release name; you cannot use release id. Please see the [Fcli Actions](#fortify-on-demand-fcli-actions) section below for more details.| | SC_CLIENT_VERSION | By default, this action uses ScanCentral Client 24.4.0 for packaging. This environment variable allows for overriding the ScanCentral Client version used for packaging. | +|DO_PACKAGE_DEBUG| If set to true, this will enable the `-debug` option on the `scancentral` command, and store both ScanCentral logs and the `package.zip` file as job artifacts.| |PACKAGE_EXTRA_OPTS
EXTRA_PACKAGE_OPTS| By default, this action runs `scancentral package -o package.zip` to package application source code. Use `PACKAGE_EXTRA_OPTS` to specify additional packaging options, for example `PACKAGE_EXTRA_OPTS: -bt mvn -bf `. See [Command-line options for the package command](https://www.microfocus.com/documentation/fortify-software-security-center/2440/SC_SAST_Help_24.4.0/index.htm#cli/package-cmd.htm) for more information on available options. Note that `EXTRA_PACKAGE_OPTS` is deprecated; please use `PACKAGE_EXTRA_OPTS`.| |FOD_SAST_SCAN_EXTRA_OPTS
EXTRA_FOD_SAST_SCAN_OPTS|Extra SAST scan options; see [`fcli fod sast-scan start` documentation](https://fortify.github.io/fcli/v2.11.1//manpage/fcli-fod-sast-scan-start.html). Note that `EXTRA_FOD_SAST_SCAN_OPTS` is deprecated; please use `FOD_SAST_SCAN_EXTRA_OPTS`.| |DO_DEBRICKED_SCAN|Configure the static scan to also run an open-source scan. Depending on Fortify on Demand configuration, this may be either a Debricked or a Sonatype scan. Effectively, this adds dependency data to the scan payload, and enables the open-source scan setting in the Fortify on Demand scan configuration. Note that any existing scan configuration will not be updated, so if the scan has already been configured in Fortify on Demand, an open-source scan will only be performed if previously enabled in the existing scan configuration.| diff --git a/fod-sast-scan/action.yml b/fod-sast-scan/action.yml index c423edf..5237d47 100644 --- a/fod-sast-scan/action.yml +++ b/fod-sast-scan/action.yml @@ -4,21 +4,21 @@ author: 'Fortify' runs: using: composite steps: - - uses: fortify/github-action/internal/set-fod-var-defaults@main - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/internal/set-fod-var-defaults@feat-package-debug + - uses: fortify/github-action/setup@feat-package-debug with: export-path: false fcli: action-default - - uses: fortify/github-action/internal/fod-login@main - - uses: fortify/github-action/package@main - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/fod-login@feat-package-debug + - uses: fortify/github-action/package@feat-package-debug + - uses: fortify/github-action/internal/run-script@feat-package-debug with: script: fod-scan.sh env: DO_SAST_SCAN: true # Not used for now GITHUB_TOKEN: ${{ github.token }} - if: env.DO_EXPORT == 'true' - uses: fortify/github-action/fod-export@main + uses: fortify/github-action/fod-export@feat-package-debug branding: icon: 'shield' 
diff --git a/internal/fod-login/action.yml b/internal/fod-login/action.yml index e8071d9..6b57c89 100644 --- a/internal/fod-login/action.yml +++ b/internal/fod-login/action.yml @@ -7,7 +7,7 @@ runs: # If not run before: check preconditions, run fcli login command, and run # post-job fcli logout command. # Note that the calling action/workflow is responsible for installing fcli - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/run-script@feat-package-debug if: ${{ !env._FOD_LOGGED_IN }} with: script: fod-login.sh diff --git a/internal/run-script/action.yml b/internal/run-script/action.yml index f72d8f1..97f40e6 100644 --- a/internal/run-script/action.yml +++ b/internal/run-script/action.yml @@ -30,7 +30,7 @@ runs: - run: echo "TEMP_DIR=$(pwd)" >> $GITHUB_ENV shell: bash working-directory: ${{ runner.temp }} - - uses: fortify/github-action/internal/run-script/js@main + - uses: fortify/github-action/internal/run-script/js@feat-package-debug with: dir: ${{ env._RUN_SCRIPTS_DIR }} script: ${{ inputs.script }} diff --git a/internal/run-script/scripts/package.sh b/internal/run-script/scripts/package.sh index f6cc73e..38901da 100755 --- a/internal/run-script/scripts/package.sh +++ b/internal/run-script/scripts/package.sh @@ -4,6 +4,10 @@ requireScanCentralClient checkRequirements -run "PACKAGE" "${SC_CLIENT_CMD}" package -o package.zip __expand:EXTRA_PACKAGE_OPTS __expand:PACKAGE_EXTRA_OPTS +if [[ "${DO_PACKAGE_DEBUG}" == "true" ]]; then + _SC_CLIENT_DEBUG_OPT=-debug +fi + +run "PACKAGE" "${SC_CLIENT_CMD}" ${_SC_CLIENT_DEBUG_OPT} package -o package.zip __expand:EXTRA_PACKAGE_OPTS __expand:PACKAGE_EXTRA_OPTS printRunSummary failOnError diff --git a/internal/sc-sast-login/action.yml b/internal/sc-sast-login/action.yml index e62ee76..be2ccbf 100644 --- a/internal/sc-sast-login/action.yml +++ b/internal/sc-sast-login/action.yml 
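Review bot: In the `internal/run-script/scripts/package.sh` hunk, `_SC_CLIENT_DEBUG_OPT` is only assigned inside the `if` block, so when `DO_PACKAGE_DEBUG` is not `true` the `run` line expands an unset variable; that is harmless under the default shell options (the empty, unquoted expansion is simply dropped), but it will abort the script if `set -u` is ever enabled in the shared script preamble. Suggest initialising it explicitly before the test, i.e. `_SC_CLIENT_DEBUG_OPT=""` followed by the existing `if [[ "${DO_PACKAGE_DEBUG}" == "true" ]]; then`, and keeping the expansion unquoted so the empty value still vanishes. The comparison is case-sensitive here and in the matching `env.DO_PACKAGE_DEBUG == 'true'` conditions in `package/action.yml`, which is consistent, but a user who sets `True` will silently get neither the `-debug` flag nor the artifact uploads; either document the exact value or lowercase it before comparing.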
@@ -11,7 +11,7 @@ runs: # If not run before: check preconditions, run fcli login command, and run # post-job fcli logout command. # Note that the calling action/workflow is responsible for installing fcli - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/run-script@feat-package-debug if: ${{ !env._SC_SAST_LOGGED_IN }} with: script: sc-sast-login.sh diff --git a/internal/ssc-login/action.yml b/internal/ssc-login/action.yml index 7bbe601..e8926db 100644 --- a/internal/ssc-login/action.yml +++ b/internal/ssc-login/action.yml @@ -7,7 +7,7 @@ runs: # If not run before: check preconditions, run fcli login command, and run # post-job fcli logout command. # Note that the calling action/workflow is responsible for installing fcli - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/run-script@feat-package-debug if: ${{ !env._SSC_LOGGED_IN }} with: script: ssc-login.sh diff --git a/package/README.md b/package/README.md index 316775d..0491734 100644 --- a/package/README.md +++ b/package/README.md @@ -46,6 +46,7 @@ The sample workflow below demonstrates how to configure the action packaging app uses: fortify/github-action/package@v1 env: # SC_CLIENT_VERSION: 24.2 + # DO_PACKAGE_DEBUG: true # PACKAGE_EXTRA_OPTS: -oss -bt mvn # TOOL_DEFINITIONS: https://ftfy.mycompany.com/tool-definitions/v1/tool-definitions.yaml.zip ``` @@ -57,6 +58,7 @@ This section lists the environment variables that can be specified in the `env:` | Environment variable | Description | | :--- | :--- | | SC_CLIENT_VERSION | By default, this action uses ScanCentral Client 24.4.0 for packaging. This environment variable allows for overriding the ScanCentral Client version used for packaging. | +|DO_PACKAGE_DEBUG| If set to true, this will enable the `-debug` option on the `scancentral` command, and store both ScanCentral logs and the `package.zip` file as job artifacts.| |PACKAGE_EXTRA_OPTS
EXTRA_PACKAGE_OPTS| By default, this action runs `scancentral package -o package.zip` to package application source code. Use `PACKAGE_EXTRA_OPTS` to specify additional packaging options, for example `PACKAGE_EXTRA_OPTS: -bt mvn -bf `. See [Command-line options for the package command](https://www.microfocus.com/documentation/fortify-software-security-center/2440/SC_SAST_Help_24.4.0/index.htm#cli/package-cmd.htm) for more information on available options. Note that `EXTRA_PACKAGE_OPTS` is deprecated; please use `PACKAGE_EXTRA_OPTS`.| | TOOL_DEFINITIONS | Fortify tool definitions are used by this GitHub Action to determine available versions, download location and other details of various Fortify-related tools, as required for action execution. By default, the Fortify-provided tool definitions hosted at https://github.com/fortify/tool-definitions/releases/tag/v1 will be used.

This environment variable allows for overriding the default tool definitions, pointing to either a URL or local (workspace) file. For example, if GitHub workflows are not allowed to download tools from their public internet locations, customers may host the tool installation bundles on an internal server, together with a customized tool definitions bundle that lists the alternative download URLs. | diff --git a/package/action.yml b/package/action.yml index dbf9dc6..7d64cfc 100644 --- a/package/action.yml +++ b/package/action.yml @@ -4,14 +4,27 @@ author: 'Fortify' runs: using: composite steps: - - uses: fortify/github-action/internal/setup-java-for-sc-client@main - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/internal/setup-java-for-sc-client@feat-package-debug + - uses: fortify/github-action/setup@feat-package-debug with: export-path: false sc-client: action-default - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/run-script@feat-package-debug with: script: package.sh + - name: Store ScanCentral package + if: env.DO_PACKAGE_DEBUG == 'true' + uses: actions/upload-artifact@v4 + with: + name: ${{ github.job }}-${{ strategy.job-index }}-scancentral-package + path: package.zip + - name: Store ScanCentral logs + if: env.DO_PACKAGE_DEBUG == 'true' + uses: actions/upload-artifact@v4 + with: + name: ${{ github.job }}-${{ strategy.job-index }}-scancentral-logs + path: ~/.fortify/scancentral-*/log/*.log + include-hidden-files: true branding: icon: 'shield' diff --git a/sc-sast-scan/README.md b/sc-sast-scan/README.md index 24a0c10..86c052f 100644 --- a/sc-sast-scan/README.md +++ b/sc-sast-scan/README.md 
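Review bot: In the `package/action.yml` hunk, both new upload steps are gated only on `env.DO_PACKAGE_DEBUG == 'true'`, so they are skipped exactly when users most need them: `package.sh` ends with `failOnError`, and once that step fails the remaining steps of the composite action do not run, so the ScanCentral logs never reach the artifacts for a failed packaging run. The logs step at least should run regardless of the packaging outcome, e.g. `if: always() && env.DO_PACKAGE_DEBUG == 'true'`, verified against a deliberately failing build so the composite-step semantics are confirmed. Two smaller points on the same hunk: `package.zip` is the full application source and the `-debug` log can echo build-tool command lines, so consider an explicit short `retention-days` on these uploads instead of the repository default; and `${{ strategy.job-index }}` is empty outside a matrix, producing names like `build--scancentral-package`, which works but looks like a bug to whoever downloads it. Also worth confirming that the `~/.fortify/scancentral-*/log/*.log` pattern resolves to the directory ScanCentral Client actually writes to on Windows runners, where the home directory comes from `USERPROFILE`.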
@@ -67,6 +67,7 @@ The sample workflow below demonstrates how to configure the action for running a # SETUP_ACTION: https://scm.my.org/shared-repos/fcli-actions/setup.yaml # SETUP_EXTRA_OPTS: --on-unsigned=ignore # SC_CLIENT_VERSION: 24.2 + # DO_PACKAGE_DEBUG: true # PACKAGE_EXTRA_OPTS: -oss -bt mvn SC_SAST_SENSOR_VERSION: 24.4.0 # EXTRA_SC_SAST_SCAN_OPTS: @@ -104,6 +105,7 @@ This section lists the environment variables that can be specified in the `env:` |DO_SETUP
SETUP_ACTION
SETUP_EXTRA_OPTS|If `DO_SETUP` is set to `true` (implied if any of the other two `SETUP_*` variables are set), the SSC application version will be automatically created if they do not yet exist, using the fcli-provided [`setup-appversion`](https://fortify.github.io/fcli/v2.11.1/ssc-actions.html#_setup_appversion) or, if specified, the custom fcli action specified through `SETUP_ACTION`. Extra options for the fcli action can be passed through the `SETUP_EXTRA_OPTS` environment variable, for example to copy state from an existing application version using the `--copy-from` option, or to allow an unsigned custom action to be used. Note that if setup is enabled, `SSC_APPVERSION` must be configured with a qualified application version name; you cannot use application version id. Please see the [SSC Fcli Actions](#ssc-fcli-actions) section below for more details.| |DO_DEBRICKED_SCAN|If set to `true`, this GitHub Action will also run a Debricked Software Composition Analysis scan and publish the results to SSC. Note that this requires the [Fortify SSC Parser Plugin for Debricked results](https://github.com/fortify/fortify-ssc-parser-debricked-cyclonedx) to be installed on Fortify SSC, to allow for SSC to accept and process the Debricked scan results submitted by this action.| | SC_CLIENT_VERSION | By default, this action uses ScanCentral Client 24.4.0 for packaging. This environment variable allows for overriding the ScanCentral Client version used for packaging. | +|DO_PACKAGE_DEBUG| If set to true, this will enable the `-debug` option on the `scancentral` command, and store both ScanCentral logs and the `package.zip` file as job artifacts.| |PACKAGE_EXTRA_OPTS
EXTRA_PACKAGE_OPTS| By default, this action runs `scancentral package -o package.zip` to package application source code. Use `PACKAGE_EXTRA_OPTS` to specify additional packaging options, for example `PACKAGE_EXTRA_OPTS: -bt mvn -bf `. See [Command-line options for the package command](https://www.microfocus.com/documentation/fortify-software-security-center/2440/SC_SAST_Help_24.4.0/index.htm#cli/package-cmd.htm) for more information on available options. Note that `EXTRA_PACKAGE_OPTS` is deprecated; please use `PACKAGE_EXTRA_OPTS`.| |**SC_SAST_SENSOR_VERSION**|Version of the ScanCentral SAST sensor on which the scan should be performed; see [`fcli sc-sast scan start` documentation](https://fortify.github.io/fcli/v2.11.1//manpage/fcli-sc-sast-scan-start.html) for details.| |SC_SAST_SCAN_EXTRA_OPTS
EXTRA_SC_SAST_SCAN_OPTS|Extra ScanCentral SAST scan options; see [`fcli sc-sast scan start` documentation](https://fortify.github.io/fcli/v2.11.1//manpage/fcli-sc-sast-scan-start.html). Note that `EXTRA_SC_SAST_SCAN_OPTS` is deprecated; please use `SC_SAST_SCAN_EXTRA_OPTS`.| diff --git a/sc-sast-scan/action.yml b/sc-sast-scan/action.yml index 8445fb6..5642f96 100644 --- a/sc-sast-scan/action.yml +++ b/sc-sast-scan/action.yml @@ -4,23 +4,23 @@ author: 'Fortify' runs: using: composite steps: - - uses: fortify/github-action/internal/set-ssc-var-defaults@main - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/internal/set-ssc-var-defaults@feat-package-debug + - uses: fortify/github-action/setup@feat-package-debug with: export-path: false fcli: action-default debricked-cli: ${{ env.DO_DEBRICKED_SCAN=='true' && 'action-default' || 'skip' }} - - uses: fortify/github-action/internal/ssc-login@main - - uses: fortify/github-action/internal/sc-sast-login@main - - uses: fortify/github-action/package@main - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/ssc-login@feat-package-debug + - uses: fortify/github-action/internal/sc-sast-login@feat-package-debug + - uses: fortify/github-action/package@feat-package-debug + - uses: fortify/github-action/internal/run-script@feat-package-debug with: script: sc-sast-and-debricked-scan.sh env: DO_SC_SAST_SCAN: true GITHUB_TOKEN: ${{ github.token }} - if: env.DO_EXPORT == 'true' - uses: fortify/github-action/ssc-export@main + uses: fortify/github-action/ssc-export@feat-package-debug branding: icon: 'shield' diff --git a/ssc-debricked-scan/action.yml b/ssc-debricked-scan/action.yml index 72ea583..12f417f 100644 --- a/ssc-debricked-scan/action.yml +++ b/ssc-debricked-scan/action.yml 
@@ -4,14 +4,14 @@ author: 'Fortify' runs: using: composite steps: - - uses: fortify/github-action/internal/set-ssc-var-defaults@main - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/internal/set-ssc-var-defaults@feat-package-debug + - uses: fortify/github-action/setup@feat-package-debug with: export-path: false fcli: action-default debricked-cli: action-default - - uses: fortify/github-action/internal/ssc-login@main - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/ssc-login@feat-package-debug + - uses: fortify/github-action/internal/run-script@feat-package-debug with: script: sc-sast-and-debricked-scan.sh env: diff --git a/ssc-export/action.yml b/ssc-export/action.yml index 36061e2..6283a58 100644 --- a/ssc-export/action.yml +++ b/ssc-export/action.yml @@ -4,13 +4,13 @@ author: 'Fortify' runs: using: composite steps: - - uses: fortify/github-action/internal/set-ssc-var-defaults@main - - uses: fortify/github-action/setup@main + - uses: fortify/github-action/internal/set-ssc-var-defaults@feat-package-debug + - uses: fortify/github-action/setup@feat-package-debug with: export-path: false fcli: action-default - - uses: fortify/github-action/internal/ssc-login@main - - uses: fortify/github-action/internal/run-script@main + - uses: fortify/github-action/internal/ssc-login@feat-package-debug + - uses: fortify/github-action/internal/run-script@feat-package-debug with: script: export.sh env:
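Review bot: Every `uses: fortify/github-action/...@main` reference in the action.yml hunks across this patch (`action.yml`, `fod-export`, `fod-sast-scan`, `internal/fod-login`, `internal/run-script`, `internal/sc-sast-login`, `internal/ssc-login`, `package`, `sc-sast-scan`, `ssc-debricked-scan`, `ssc-export`) is switched to `@feat-package-debug`. That is fine for exercising the feature branch end to end, but it must not land on `main`: once the branch is deleted after merge, every published action that still points at it stops resolving, and until then consumers of the action are executing code from a non-default branch. Unless the release tooling rewrites these refs automatically, add a final commit that flips them back to `@main` before merging, and consider a CI check that fails if any `uses:` in the repository references a branch other than `main`.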