Trying to fix docker setup #8

Workflow file for this run

.github/workflows/fortify.yml at 4a854b0


	# Create GitHub Action Repository Variables for your version of the application:
	# FORTIFY_BASE_URL should be the Fortify Base URL (e.g. https://ssc.uat.fortifyhosted.net)
	# FORTIFY_PARENT_APPVER_NAME is the Fortify SSC Application Version Name corresponding to the parent branch of any newly created branch, this is typically "main" or "develop"
	# Create GitHub Action Secrets for your version of the application:
	# FORTIFY_SSC_TOKEN should be an SSC Authorization token (CIToken) obtained from your Fortify tenant.
	# FORTIFY_SCSAST_CLIENT_AUTH_TOKEN should be the ScanCentral SAST Client Authentication token for your Fortify tenant.

	name: DevSecOps with Fortify (Hosted)

	on:
	# Triggers the workflow on push or pull request events but only for the main or develop branches
	push:
	paths-ignore:
	- '.github//'
	- 'bin/**'
	- 'data/**'
	- 'etc/**'
	- 'media/**'
	- 'Jenkinsfile'
	- '.gitlab-ci.yml'
	- 'README.md'
	- 'LICENSE'
	branches:
	- '**' # matches every branch
	pull_request:
	branches: [ main, develop ]

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	inputs:
	runFortifySASTScan:
	description: 'Carry out SAST scan using Fortify'
	required: false
	default: 'true'
	runSonatypeScan:
	description: 'Carry out SCA scan using Sonatype Nexus IQ'
	required: false
	default: 'false'
	runFortifyDASTScan:
	description: 'Carry out DAST scan using Fortify'
	required: false
	default: 'false'

	# Global environment variables
	env:
	DEFAULT_APP_NAME: "IWA-API"

	jobs:

	Build-And-Test:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/[email protected]
	with:
	# Fetch at least the immediate parents so that if this is a pull request then we can checkout the head.
	fetch-depth: 2
	# If this run was triggered by a pull request event, then checkout the head of the pull request instead of the merge commit.
	- run: git checkout HEAD^2
	if: ${{ github.event_name == 'pull_request' }}

	# TBD

	Sonatype-SCA:
	runs-on: ubuntu-latest
	if: ${{ (github.event_name == 'push') \|\| (github.event_name == 'pull_request') \|\| (github.event.inputs.runSonatypeScan == 'true') }}
	steps:
	- uses: actions/[email protected]
	- uses: actions/setup-java@v3
	with:
	distribution: 'temurin'
	java-version: '11'

	# TODO: Sonatype Nexus IQ scan

	Quality-Gate:
	runs-on: ubuntu-latest
	if: ${{ always() }}
	needs: [ Build-And-Test ]
	steps:
	- uses: actions/[email protected]

	# TBD

	Fortify-SAST-Scan:
	runs-on: ubuntu-latest
	if: ${{ (github.event_name == 'push') \|\| (github.event_name == 'pull_request') \|\| (github.event.inputs.runFortifySASTScan == 'true') }}
	steps:
	- name: Checkout
	uses: actions/[email protected]
	with:
	# Fetch at least the immediate parents so that if this is a pull request then we can checkout the head.
	fetch-depth: 2
	# If this run was triggered by a pull request event, then checkout the head of the pull request instead of the merge commit.
	- run: git checkout HEAD^2
	if: ${{ github.event_name == 'pull_request' }}
	- name: Fortify App and Release Name
	id: fortify-app-and-rel-name
	uses: ./.github/actions/fortify-app-and-release-name
	with:
	default_fortify_app_name: ${{ env.DEFAULT_APP_NAME }}
	default_fortify_release_name: ${{ github.ref_name }}
	app_name_postfix: ${{ vars.FORTIFY_APP_NAME_POSTFIX }}
	- name: Node Fortify SAST scan
	id: node-fortify-sast-scan
	uses: ./.github/actions/node-fortify-sast-scan
	with:
	working_directory: ${{ env.BASE_DIR }}
	ssc_url: ${{ vars.FORTIFY_BASE_URL }}
	ssc_token: ${{ secrets.FORTIFY_SSC_TOKEN }}
	scsast_client_auth_token: ${{ secrets.FORTIFY_SCSAST_CLIENT_AUTH_TOKEN }}
	ssc_app_name: ${{ steps.fortify-app-and-rel-name.outputs.app_name }}
	ssc_appver_name: ${{ steps.fortify-app-and-rel-name.outputs.release_name }}

	Fortify-DAST-Scan:
	runs-on: ubuntu-latest
	if: ${{ (github.event.inputs.runFortifyDASTScan == 'true') }}
	steps:
	- name: Checkout
	uses: actions/[email protected]
	- name: Fortify App and Release Name
	id: fortify-app-and-release-name
	uses: ./.github/actions/fortify-app-and-release-name
	with:
	default_fortify_app_name: ${{ env.DEFAULT_APP_NAME }}
	default_fortify_release_name: 'main'
	app_name_postfix: ${{ vars.FORTIFY_APP_NAME_POSTFIX }}

	# TBD

	Security-Gate:
	runs-on: ubuntu-latest
	if: ${{ always() }}
	needs: [ Fortify-SAST-Scan,Fortify-DAST-Scan ]
	steps:
	- name: Checkout
	uses: actions/[email protected]
	- name: Fortify App and Release Name
	id: fortify-app-and-release-name
	uses: ./.github/actions/fortify-app-and-release-name
	with:
	default_fortify_app_name: ${{ env.DEFAULT_APP_NAME }}
	default_fortify_release_name: 'main'
	app_name_postfix: ${{ vars.FORTIFY_APP_NAME_POSTFIX }}
	#- name: Verify Fortify Security Policy
	# uses: ./.github/actions/verify-fod-security-policy
	# with:
	# fod_api_uri: ${{ vars.FORTIFY_API_URI }}
	# fod_client_id: ${{ secrets.FORTIFY_CLIENT_ID }}
	# fod_client_secret: ${{ secrets.FORTIFY_CLIENT_SECRET }}
	# fod_app_name: ${{ steps.fod-app-and-rel-name.outputs.app_name }}
	# fod_release_name: ${{ steps.fod-app-and-rel-name.outputs.release_name }}

	Release-Gate:
	runs-on: ubuntu-latest
	if: ${{ always() }}
	needs: [ Quality-Gate, Security-Gate ]
	steps:
	- name: Check Out Source Code
	uses: actions/[email protected]

	# TBD

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Trying to fix docker setup #8

Workflow file

Trying to fix docker setup #8

Jobs

Run details

Workflow file for this run