From d13971ef025f71cd84849740b65f7b7c6eb08f6a Mon Sep 17 00:00:00 2001 From: Sangamesh Vijaykumar Date: Sun, 29 Mar 2026 20:32:24 +0530 Subject: [PATCH 1/3] fcli actions for IDE --- .../cli/fod/actions/zip/release-issues.yaml | 47 +++++++++ .../ssc/actions/zip/appversion-issues.yaml | 51 ++++++++++ ...aviator-apply-remediations-appversion.yaml | 95 +++++++++++++++++++ .../actions/zip/aviator-audit-appversion.yaml | 77 +++++++++++++++ .../zip/sourceanalyzer-local-scan.yaml | 86 +++++++++++++++++ 5 files changed, 356 insertions(+) create mode 100644 fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml diff --git a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml new file mode 100644 index 0000000000..48ef969a77 --- /dev/null +++ b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml 
@@ -0,0 +1,47 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) List issues for FoD release
+ description: |
+ This action lists issues for the given FoD release and writes the output as JSON
+ to stdout, stderr, or a file.
+
+config:
+ output: immediate
+ rest.target.default: fod
+
+cli.options:
+ release:
+ names: --release, --rel
+ description: Required release id or :[:]
+ required: true
+ query:
+ names: --query, -q
+ description: Optional issue query expression
+ required: false
+ embed:
+ names: --embed
+ description: Optional comma-separated embedded data to include
+ required: false
+ include:
+ names: --include
+ description: Optional comma-separated include flags
+ required: false
+ file:
+ names: --file, -f
+ description: Output target (stdout, stderr, or file path)
+ required: false
+ default: stdout
+
+steps:
+ - run.fcli:
+ issues:
+ cmd: fod issue ls --rel "${cli.release}" ${#opt("-q", cli.query)} ${#opt("--embed", cli.embed)} ${#opt("--include", cli.include)}
+ records.collect: true
+
+ - out.write:
+ ${cli.file}: ${issues.records}
+
+ - if: ${!{'stdout','stderr'}.contains(cli.file)}
+ log.info: Output written to ${cli.file}
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml
new file mode 100644
index 0000000000..a788159c9f
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml
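Review bot: In release-issues.yaml the `issues` step sets `records.collect: true` and then hands `${issues.records}` to `out.write` in one piece, so every issue of the release appears to be held in memory before anything is written; appversion-issues.yaml repeats the same shape. A comment on the step should say so, or the usage description should tell callers to narrow large result sets with `--query`. The output is also finding detail written to a caller-chosen path, so I would extend the `file` description to something like `Output target (stdout, stderr, or file path); contains finding details, keep it out of shared or version-controlled locations`.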
@@ -0,0 +1,51 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) List issues for SSC application version
+ description: |
+ This action lists issues for the given SSC application version and writes the output
+ as JSON to stdout, stderr, or a file.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or :
+ required: true
+ filterset:
+ names: --filterset, --fs
+ description: Optional filter set name or id
+ required: false
+ query:
+ names: --query, -q
+ description: Optional issue query expression
+ required: false
+ embed:
+ names: --embed
+ description: Optional comma-separated embedded data to include
+ required: false
+ include:
+ names: --include
+ description: Optional comma-separated include flags
+ required: false
+ file:
+ names: --file, -f
+ description: Output target (stdout, stderr, or file path)
+ required: false
+ default: stdout
+
+steps:
+ - run.fcli:
+ issues:
+ cmd: ssc issue ls --av "${cli.appversion}" ${#opt("--fs", cli.filterset)} ${#opt("-q", cli.query)} ${#opt("--embed", cli.embed)} ${#opt("--include", cli.include)}
+ records.collect: true
+
+ - out.write:
+ ${cli.file}: ${issues.records}
+
+ - if: ${!{'stdout','stderr'}.contains(cli.file)}
+ log.info: Output written to ${cli.file}
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml
new file mode 100644
index 0000000000..726d2ca12a
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml
@@ -0,0 +1,95 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) Apply Aviator remediations from SSC appversion to source code
+ description: |
+ This action applies Aviator auto-remediations to source code for a given SSC application version.
+ If --artifact is not provided, the action first runs Aviator audit to generate and upload an
+ audited artifact, then applies remediations from that artifact.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+ run.fcli.status.log.default: true
+ run.fcli.status.check.default: true
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or :
+ required: true
+ sourceDir:
+ names: --source-dir, -s
+ description: Source code directory where remediations should be applied
+ required: false
+ default: .
+ artifact:
+ names: --artifact
+ description: Optional existing SSC artifact id; if specified, audit step is skipped
+ required: false
+ app:
+ names: --app
+ description: Optional Aviator application name override for audit step
+ required: false
+ tagMapping:
+ names: --tag-mapping
+ description: Optional path to tag-mapping YAML file for audit step
+ required: false
+ prepare:
+ names: --prepare
+ description: Run aviator ssc prepare for the specified appversion before audit
+ required: false
+ type: boolean
+ default: false
+ noFilterset:
+ names: --no-filterset
+ description: Ignore SSC filter set during audit step
+ required: false
+ type: boolean
+ default: false
+ filterset:
+ names: --filterset, --fs
+ description: Optional filter set name or id for audit step
+ required: false
+ refresh:
+ names: --refresh
+ description: Refresh SSC metrics before auditing
+ required: false
+ type: boolean
+ default: true
+ refreshTimeout:
+ names: --refresh-timeout
+ description: Refresh timeout, for example 60s, 5m, 1h
+ required: false
+ default: 60s
+ skipWait:
+ names: --skip-wait
+ description: Skip waiting for SSC artifact processing after audit upload
+ required: false
+ type: boolean
+ default: false
+
+steps:
+ - var.set:
+ auditArtifactStoreVar: aviator_remediate_${#action.runID().replace('-','_')}
+
+ - if: ${#isBlank(cli.artifact) && cli.prepare}
+ run.fcli:
+ PREPARE: aviator ssc prepare --av "${cli.appversion}"
+
+ - if: ${#isBlank(cli.artifact)}
+ run.fcli:
+ AUDIT:
+ cmd: aviator ssc audit --av "${cli.appversion}" ${#opt("--app", cli.app)} ${#opt("--tag-mapping", cli.tagMapping)} ${cli.noFilterset?"--no-filterset":""} ${#opt("--fs", cli.filterset)} --refresh=${cli.refresh} --refresh-timeout="${cli.refreshTimeout}" --store ${auditArtifactStoreVar}
+
+ - if: ${#isBlank(cli.artifact) && !cli.skipWait}
+ run.fcli:
+ WAIT: ssc artifact wait-for ::${auditArtifactStoreVar}::
+
+ - var.set:
+ remediationArtifactRef: ${#isBlank(cli.artifact)?'::'+auditArtifactStoreVar+'::':cli.artifact}
+
+ - run.fcli:
+ APPLY_REMEDIATIONS:
+ cmd: aviator ssc apply-remediations --artifact "${remediationArtifactRef}" --source-dir "${cli.sourceDir}"
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml
new file mode 100644
index 0000000000..d6f9bfb060
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml
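Review bot: In aviator-apply-remediations-appversion.yaml, with `--skip-wait` set and no `--artifact`, the WAIT step is skipped but `remediationArtifactRef` still resolves to `'::'+auditArtifactStoreVar+'::'`, so APPLY_REMEDIATIONS runs immediately against the artifact AUDIT has just uploaded. Whether `apply-remediations` tolerates an artifact that SSC has not finished processing is not visible here; if it does not, the WAIT condition should be `- if: ${#isBlank(cli.artifact)}` and `skipWait` dropped from this action. Separately, the action rewrites files under `--source-dir` (default `.`), so the usage description should state that the applied changes are to be reviewed, for example in a clean version-controlled tree, before they are committed.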
@@ -0,0 +1,77 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) Run Aviator audit for SSC application version
+ description: |
+ This action runs Aviator audit for a single SSC application version,
+ optionally prepares Aviator tags first, and waits for uploaded artifact processing.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+ run.fcli.status.log.default: true
+ run.fcli.status.check.default: true
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or :
+ required: true
+ app:
+ names: --app
+ description: Optional Aviator application name override
+ required: false
+ tagMapping:
+ names: --tag-mapping
+ description: Optional path to tag-mapping YAML file
+ required: false
+ prepare:
+ names: --prepare
+ description: Run aviator ssc prepare for the specified appversion before auditing
+ required: false
+ type: boolean
+ default: false
+ noFilterset:
+ names: --no-filterset
+ description: Ignore SSC filter set during auditing
+ required: false
+ type: boolean
+ default: false
+ filterset:
+ names: --filterset, --fs
+ description: Optional filter set name or id
+ required: false
+ refresh:
+ names: --refresh
+ description: Refresh SSC metrics before auditing
+ required: false
+ type: boolean
+ default: true
+ refreshTimeout:
+ names: --refresh-timeout
+ description: Refresh timeout, for example 60s, 5m, 1h
+ required: false
+ default: 60s
+ skipWait:
+ names: --skip-wait
+ description: Skip waiting for SSC artifact processing after audit upload
+ required: false
+ type: boolean
+ default: false
+
+steps:
+ - var.set:
+ artifactStoreVar: aviator_audit_${#action.runID().replace('-','_')}
+
+ - if: ${cli.prepare}
+ run.fcli:
+ PREPARE: aviator ssc prepare --av "${cli.appversion}"
+
+ - run.fcli:
+ AUDIT:
+ cmd: aviator ssc audit --av "${cli.appversion}" ${#opt("--app", cli.app)} ${#opt("--tag-mapping", cli.tagMapping)} ${cli.noFilterset?"--no-filterset":""} ${#opt("--fs", cli.filterset)} --refresh=${cli.refresh} --refresh-timeout="${cli.refreshTimeout}" --store ${artifactStoreVar}
+
+ - if: ${!cli.skipWait}
+ run.fcli:
+ WAIT: ssc artifact wait-for ::${artifactStoreVar}::
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml
new file mode 100644
index 0000000000..2c65da53ba
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml
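Review bot: In aviator-audit-appversion.yaml the AUDIT command appends `${cli.noFilterset?"--no-filterset":""}` and `${#opt("--fs", cli.filterset)}` independently, so a caller who passes both `--no-filterset` and `--filterset` gets both flags forwarded and the result is left to `aviator ssc audit`; aviator-apply-remediations-appversion.yaml builds its AUDIT command the same way. The filter set decides which findings are audited, so the combination should either be rejected before AUDIT runs or the precedence stated in both option descriptions, e.g. `Ignore SSC filter set during auditing; cannot be combined with --filterset`.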
@@ -0,0 +1,86 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) Run local SourceAnalyzer scan and upload to SSC
+ description: |
+ This action performs a local Fortify SourceAnalyzer scan against the given source directory,
+ writes an FPR file, and optionally uploads the resulting artifact to SSC.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+ run.fcli.status.log.default: true
+ run.fcli.status.check.default: true
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or : to upload scan results to
+ required: true
+ sourceDir:
+ names: --source-dir, -s
+ description: Source directory to scan
+ required: false
+ default: .
+ buildId:
+ names: --build-id, -b
+ description: SourceAnalyzer build id
+ required: false
+ default: fcli-local-scan
+ fprFile:
+ names: --fpr-file, -f
+ description: Output FPR file path
+ required: false
+ default: sourceanalyzer.fpr
+ sourceAnalyzerVersion:
+ names: --sourceanalyzer-version, -v
+ description: |
+ SourceAnalyzer version, installation path, latest, or auto.
+ Defaults to SOURCEANALYZER_HOME or SOURCEANALYZER_VERSION env vars, then auto.
+ required: false
+ default: ${#ifBlank(#env('SOURCEANALYZER_HOME'),#ifBlank(#env('SOURCEANALYZER_VERSION'),'auto'))}
+ toolDefinitions:
+ names: --tool-definitions
+ description: Custom tool definitions for resolving SourceAnalyzer versions and download URLs
+ required: false
+ upload:
+ names: --upload
+ description: Upload generated FPR to SSC
+ required: false
+ type: boolean
+ default: true
+ skipWait:
+ names: --skip-wait
+ description: Skip waiting for SSC artifact processing after upload
+ required: false
+ type: boolean
+ default: false
+ extraTranslateOpts:
+ names: --extra-translate-opts
+ description: Extra options to pass to the SourceAnalyzer translate phase
+ required: false
+ extraScanOpts:
+ names: --extra-scan-opts
+ description: Extra options to pass to the SourceAnalyzer scan phase
+ required: false
+
+steps:
+ - var.set:
+ resolvedFprFile: ${#resolveAgainstCurrentWorkDir(cli.fprFile)}
+ artifactStoreVar: sa_local_scan_${#action.runID().replace('-','_')}
+
+ - run.fcli:
+ SETUP_TOOLS: fcli tool env init "--tools=sourceanalyzer:${cli.sourceAnalyzerVersion}" ${#opt("--tool-definitions", cli.toolDefinitions)}
+ TRANSLATE:
+ cmd: fcli tool sourceanalyzer run --workdir ${cli.sourceDir} -- -b "${cli.buildId}" ${cli.extraTranslateOpts}
+ SCAN:
+ cmd: fcli tool sourceanalyzer run --workdir ${cli.sourceDir} -- -b "${cli.buildId}" -scan -f "${resolvedFprFile}" ${cli.extraScanOpts}
+
+ - if: ${cli.upload}
+ run.fcli:
+ UPLOAD: fcli ssc artifact upload --av "${cli.appversion}" -f "${resolvedFprFile}" --store ${artifactStoreVar}
+
+ - if: ${cli.upload && !cli.skipWait}
+ run.fcli:
+ WAIT: fcli ssc artifact wait-for ::${artifactStoreVar}::
From 5ea0a737c2c1c62281ef7ad1c3517fab03db0925 Mon Sep 17 00:00:00 2001
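Review bot: TRANSLATE and SCAN in sourceanalyzer-local-scan.yaml pass `--workdir ${cli.sourceDir}` without quotes while the other caller-supplied values in the same commands (`"${cli.buildId}"`, `"${resolvedFprFile}"`) are quoted, so a source directory containing a space would presumably be split into two arguments; `--workdir "${cli.sourceDir}"` in both commands avoids that. The rewrite of these commands in PATCH 2/3 keeps `${cli.sourceDir}` unquoted as well. `${cli.extraTranslateOpts}` and `${cli.extraScanOpts}` are spliced in as raw text, both are optional with no default, and nothing here shows what an unset value expands to; an explicit empty default or a blank check would settle it. Their descriptions should also state that the string is forwarded to SourceAnalyzer unmodified.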
From: Sangamesh Vijaykumar Date: Tue, 31 Mar 2026 16:12:32 +0530 Subject: [PATCH 2/3] Fixed local scanning work flow and updated cli options --- .../zip/sourceanalyzer-local-scan.yaml | 51 ++++++++----------- 1 file changed, 20 insertions(+), 31 deletions(-) diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml index 2c65da53ba..5fce8daae3 100644 --- a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml +++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml @@ -5,7 +5,7 @@ usage: header: (PREVIEW) Run local SourceAnalyzer scan and upload to SSC description: | This action performs a local Fortify SourceAnalyzer scan against the given source directory, - writes an FPR file, and optionally uploads the resulting artifact to SSC. + writes an FPR file, and uploads the resulting artifact to SSC if an application version is specified. config: output: immediate @@ -14,12 +14,8 @@ config: run.fcli.status.check.default: true cli.options: - appversion: - names: --appversion, --av - description: SSC application version id or : to upload scan results to - required: true sourceDir: - names: --source-dir, -s + names: --source-dir, -d description: Source directory to scan required: false default: . @@ -29,7 +25,7 @@ cli.options: required: false default: fcli-local-scan fprFile: - names: --fpr-file, -f + names: --output-fpr-file, -o description: Output FPR file path required: false default: sourceanalyzer.fpr 
@@ -40,22 +36,6 @@ cli.options: Defaults to SOURCEANALYZER_HOME or SOURCEANALYZER_VERSION env vars, then auto. required: false default: ${#ifBlank(#env('SOURCEANALYZER_HOME'),#ifBlank(#env('SOURCEANALYZER_VERSION'),'auto'))} - toolDefinitions: - names: --tool-definitions - description: Custom tool definitions for resolving SourceAnalyzer versions and download URLs - required: false - upload: - names: --upload - description: Upload generated FPR to SSC - required: false - type: boolean - default: true - skipWait: - names: --skip-wait - description: Skip waiting for SSC artifact processing after upload - required: false - type: boolean - default: false extraTranslateOpts: names: --extra-translate-opts description: Extra options to pass to the SourceAnalyzer translate phase 
@@ -64,23 +44,32 @@ cli.options: names: --extra-scan-opts description: Extra options to pass to the SourceAnalyzer scan phase required: false + appversion: + names: --appversion, --av + description: SSC application version id or :; if specified, upload scan results to SSC + required: false + skipWait: + names: --skip-wait + description: Skip waiting for SSC artifact processing after upload + required: false + type: boolean + default: false steps: - var.set: resolvedFprFile: ${#resolveAgainstCurrentWorkDir(cli.fprFile)} artifactStoreVar: sa_local_scan_${#action.runID().replace('-','_')} + waitForCmd: 'fcli ssc artifact wait-for ::${artifactStoreVar}::' - run.fcli: - SETUP_TOOLS: fcli tool env init "--tools=sourceanalyzer:${cli.sourceAnalyzerVersion}" ${#opt("--tool-definitions", cli.toolDefinitions)} - TRANSLATE: - cmd: fcli tool sourceanalyzer run --workdir ${cli.sourceDir} -- -b "${cli.buildId}" ${cli.extraTranslateOpts} - SCAN: - cmd: fcli tool sourceanalyzer run --workdir ${cli.sourceDir} -- -b "${cli.buildId}" -scan -f "${resolvedFprFile}" ${cli.extraScanOpts} + SETUP_TOOLS: fcli tool env init "--tools=sourceanalyzer:${cli.sourceAnalyzerVersion}" + TRANSLATE: fcli tool sourceanalyzer run -- -b "${cli.buildId}" ${cli.sourceDir} ${cli.extraTranslateOpts} + SCAN: fcli tool sourceanalyzer run -- -b "${cli.buildId}" -scan -f "${resolvedFprFile}" ${cli.extraScanOpts} - - if: ${cli.upload} + - if: ${#isNotBlank(cli.appversion)} run.fcli: UPLOAD: fcli ssc artifact upload --av "${cli.appversion}" -f "${resolvedFprFile}" --store ${artifactStoreVar} - - if: ${cli.upload && !cli.skipWait} + - if: ${#isNotBlank(cli.appversion) && !cli.skipWait} run.fcli: - WAIT: fcli ssc artifact wait-for ::${artifactStoreVar}:: + WAIT: ${waitForCmd} From a8e96266dd24cfda7b56b3a538bf51a8e779fe6a Mon Sep 17 00:00:00 2001 
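Review bot: The rewritten step list goes straight from SETUP_TOOLS to TRANSLATE with `-b "${cli.buildId}"`, and `buildId` defaults to the fixed value `fcli-local-scan`, so consecutive runs, including runs against different source trees on the same machine, reuse one SourceAnalyzer build session without clearing it; the original version of the file in PATCH 1/3 had no clean step either. Files translated by an earlier run can then end up in the FPR that UPLOAD sends to SSC, which skews results and may place another project's code in the wrong application version. I would add a clean step ahead of TRANSLATE, `CLEAN: fcli tool sourceanalyzer run -- -b "${cli.buildId}" -clean`, or derive the default build id from the source directory. The `buildId` option itself sits in unchanged lines outside this hunk.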
From: Sangamesh Vijaykumar Date: Tue, 31 Mar 2026 16:40:31 +0530 Subject: [PATCH 3/3] Deleting IDE specific fcli action files. --- .../cli/fod/actions/zip/release-issues.yaml | 47 --------- .../ssc/actions/zip/appversion-issues.yaml | 51 ---------- ...aviator-apply-remediations-appversion.yaml | 95 ------------------- .../actions/zip/aviator-audit-appversion.yaml | 77 --------------- 4 files changed, 270 deletions(-) delete mode 100644 fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml delete mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml delete mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml delete mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml diff --git a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml deleted file mode 100644 index 48ef969a77..0000000000 --- a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml +++ /dev/null 
@@ -1,47 +0,0 @@ -# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json - -author: Fortify -usage: - header: (PREVIEW) List issues for FoD release - description: | - This action lists issues for the given FoD release and writes the output as JSON - to stdout, stderr, or a file. - -config: - output: immediate - rest.target.default: fod - -cli.options: - release: - names: --release, --rel - description: Required release id or :[:] - required: true - query: - names: --query, -q - description: Optional issue query expression - required: false - embed: - names: --embed - description: Optional comma-separated embedded data to include - required: false - include: - names: --include - description: Optional comma-separated include flags - required: false - file: - names: --file, -f - description: Output target (stdout, stderr, or file path) - required: false - default: stdout - -steps: - - run.fcli: - issues: - cmd: fod issue ls --rel "${cli.release}" ${#opt("-q", cli.query)} ${#opt("--embed", cli.embed)} ${#opt("--include", cli.include)} - records.collect: true - - - out.write: - ${cli.file}: ${issues.records} - - - if: ${!{'stdout','stderr'}.contains(cli.file)} - log.info: Output written to ${cli.file} diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml deleted file mode 100644 index a788159c9f..0000000000 --- a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml +++ /dev/null 
@@ -1,51 +0,0 @@ -# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json - -author: Fortify -usage: - header: (PREVIEW) List issues for SSC application version - description: | - This action lists issues for the given SSC application version and writes the output - as JSON to stdout, stderr, or a file. - -config: - output: immediate - rest.target.default: ssc - -cli.options: - appversion: - names: --appversion, --av - description: SSC application version id or : - required: true - filterset: - names: --filterset, --fs - description: Optional filter set name or id - required: false - query: - names: --query, -q - description: Optional issue query expression - required: false - embed: - names: --embed - description: Optional comma-separated embedded data to include - required: false - include: - names: --include - description: Optional comma-separated include flags - required: false - file: - names: --file, -f - description: Output target (stdout, stderr, or file path) - required: false - default: stdout - -steps: - - run.fcli: - issues: - cmd: ssc issue ls --av "${cli.appversion}" ${#opt("--fs", cli.filterset)} ${#opt("-q", cli.query)} ${#opt("--embed", cli.embed)} ${#opt("--include", cli.include)} - records.collect: true - - - out.write: - ${cli.file}: ${issues.records} - - - if: ${!{'stdout','stderr'}.contains(cli.file)} - log.info: Output written to ${cli.file} diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml deleted file mode 100644 index 726d2ca12a..0000000000 --- a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json - -author: Fortify -usage: - header: (PREVIEW) Apply Aviator remediations from SSC appversion to source code - description: | - This action applies Aviator auto-remediations to source code for a given SSC application version. - If --artifact is not provided, the action first runs Aviator audit to generate and upload an - audited artifact, then applies remediations from that artifact. - -config: - output: immediate - rest.target.default: ssc - run.fcli.status.log.default: true - run.fcli.status.check.default: true - -cli.options: - appversion: - names: --appversion, --av - description: SSC application version id or : - required: true - sourceDir: - names: --source-dir, -s - description: Source code directory where remediations should be applied - required: false - default: . - artifact: - names: --artifact - description: Optional existing SSC artifact id; if specified, audit step is skipped - required: false - app: - names: --app - description: Optional Aviator application name override for audit step - required: false - tagMapping: - names: --tag-mapping - description: Optional path to tag-mapping YAML file for audit step - required: false - prepare: - names: --prepare - description: Run aviator ssc prepare for the specified appversion before audit - required: false - type: boolean - default: false - noFilterset: - names: --no-filterset - description: Ignore SSC filter set during audit step - required: false - type: boolean - default: false - filterset: - names: --filterset, --fs - description: Optional filter set name or id for audit step - required: false - refresh: - names: --refresh - description: Refresh SSC metrics before auditing - required: false - type: boolean - default: true - refreshTimeout: - names: --refresh-timeout - description: Refresh timeout, for example 60s, 5m, 1h - required: false - default: 60s - skipWait: - names: 
--skip-wait - description: Skip waiting for SSC artifact processing after audit upload - required: false - type: boolean - default: false - -steps: - - var.set: - auditArtifactStoreVar: aviator_remediate_${#action.runID().replace('-','_')} - - - if: ${#isBlank(cli.artifact) && cli.prepare} - run.fcli: - PREPARE: aviator ssc prepare --av "${cli.appversion}" - - - if: ${#isBlank(cli.artifact)} - run.fcli: - AUDIT: - cmd: aviator ssc audit --av "${cli.appversion}" ${#opt("--app", cli.app)} ${#opt("--tag-mapping", cli.tagMapping)} ${cli.noFilterset?"--no-filterset":""} ${#opt("--fs", cli.filterset)} --refresh=${cli.refresh} --refresh-timeout="${cli.refreshTimeout}" --store ${auditArtifactStoreVar} - - - if: ${#isBlank(cli.artifact) && !cli.skipWait} - run.fcli: - WAIT: ssc artifact wait-for ::${auditArtifactStoreVar}:: - - - var.set: - remediationArtifactRef: ${#isBlank(cli.artifact)?'::'+auditArtifactStoreVar+'::':cli.artifact} - - - run.fcli: - APPLY_REMEDIATIONS: - cmd: aviator ssc apply-remediations --artifact "${remediationArtifactRef}" --source-dir "${cli.sourceDir}" diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml deleted file mode 100644 index d6f9bfb060..0000000000 --- a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml +++ /dev/null 
@@ -1,77 +0,0 @@ -# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json - -author: Fortify -usage: - header: (PREVIEW) Run Aviator audit for SSC application version - description: | - This action runs Aviator audit for a single SSC application version, - optionally prepares Aviator tags first, and waits for uploaded artifact processing. - -config: - output: immediate - rest.target.default: ssc - run.fcli.status.log.default: true - run.fcli.status.check.default: true - -cli.options: - appversion: - names: --appversion, --av - description: SSC application version id or : - required: true - app: - names: --app - description: Optional Aviator application name override - required: false - tagMapping: - names: --tag-mapping - description: Optional path to tag-mapping YAML file - required: false - prepare: - names: --prepare - description: Run aviator ssc prepare for the specified appversion before auditing - required: false - type: boolean - default: false - noFilterset: - names: --no-filterset - description: Ignore SSC filter set during auditing - required: false - type: boolean - default: false - filterset: - names: --filterset, --fs - description: Optional filter set name or id - required: false - refresh: - names: --refresh - description: Refresh SSC metrics before auditing - required: false - type: boolean - default: true - refreshTimeout: - names: --refresh-timeout - description: Refresh timeout, for example 60s, 5m, 1h - required: false - default: 60s - skipWait: - names: --skip-wait - description: Skip waiting for SSC artifact processing after audit upload - required: false - type: boolean - default: false - -steps: - - var.set: - artifactStoreVar: aviator_audit_${#action.runID().replace('-','_')} - - - if: ${cli.prepare} - run.fcli: - PREPARE: aviator ssc prepare --av "${cli.appversion}" - - - run.fcli: - AUDIT: - cmd: aviator ssc audit --av "${cli.appversion}" ${#opt("--app", cli.app)} 
${#opt("--tag-mapping", cli.tagMapping)} ${cli.noFilterset?"--no-filterset":""} ${#opt("--fs", cli.filterset)} --refresh=${cli.refresh} --refresh-timeout="${cli.refreshTimeout}" --store ${artifactStoreVar} - - - if: ${!cli.skipWait} - run.fcli: - WAIT: ssc artifact wait-for ::${artifactStoreVar}::