Update SQLInjectionExample.java #22

Summary
Jobs
- test_fortify
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/fortify.yml at 17f7f66

	on: [pull_request]
	permissions:
	actions: write
	checks: write
	contents: write
	pull-requests: write
	statuses: write

	jobs:
	test_fortify:
	runs-on: ubuntu-latest
	steps:
	- name: Setup Java on this machine
	uses: actions/setup-java@v3
	with:
	distribution: "oracle"
	java-version: "19"
	- name: Setup Maven on this machine
	uses: stCarolas/[email protected]
	with:
	maven-version: 3.8.6
	- name: Setup Node on this machine
	uses: actions/[email protected]
	with:
	node-version: 18
	- name: Install sed
	run: sudo apt-get update && sudo apt-get install -y sed

	- name: Checkout repo to get code
	uses: actions/checkout@v3

	- name: Download Fortify uploader CLI
	run: \|
	wget https://tools.fortify.com/scancentral/Fortify_ScanCentral_Client_21.2.0_x64.zip -O fcs.zip
	unzip fcs.zip
	chmod +x bin/scancentral
	wget https://github.com/fod-dev/fod-uploader-java/releases/download/v5.4.0/FodUpload.jar -O FodUpload.jar

	- name: Run Fortify SAST scan
	run: \|
	./bin/scancentral package -bt mvn -o fortify_package.zip

	UPLOAD_OUTPUT=$(java -jar FodUpload.jar \
	-z fortify_package.zip \
	-ep SingleScanOnly \
	-portalurl https://ams.fortify.com/ \
	-apiurl https://api.ams.fortify.com/ \
	-userCredentials ${{ secrets.FORTIFY_USER }} ${{ secrets.FORTIFY_TOKEN }} \
	-tenantCode ${{ secrets.FORTIFY_TENANT }} \
	-releaseId ${{ secrets.FORTIFY_RELEASE_ID }} \
	-pp Queue)
	SCAN_ID=$(echo "$UPLOAD_OUTPUT" \| sed -n 's/Scan $[0-9]$.$/\1/p')

	FORTIFY_USER=${{ secrets.FORTIFY_USER }} FORTIFY_TOKEN=${{ secrets.FORTIFY_TOKEN }} FORTIFY_TENANT=${{ secrets.FORTIFY_TENANT }} node .github/scripts/fortify-wait-fpr.js "$SCAN_ID"
	- name: Archive fpr
	if: always()
	uses: actions/upload-artifact@v3
	with:
	name: fpr
	path: scandata.fpr

	- name: Run Mobb on the findings and get fixes
	if: always()
	uses: mobb-dev/[email protected]
	with:
	report-file: "scandata.fpr"
	api-key: ${{ secrets.MOBB_API_TOKEN }}
	github-token: ${{ secrets.GITHUB_TOKEN }}
	scanner: fortify
	mobb-project-name: Action

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update SQLInjectionExample.java #22

Workflow file

Update SQLInjectionExample.java #22

Jobs

Run details

Workflow file for this run