Skip to content

Update FoD pipeline to use "fcli action run ci" #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rsenden merged 2 commits into from
Mar 2, 2026
Merged

Update FoD pipeline to use "fcli action run ci" #54

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ee7655d
Update FoD pipeline to use "fcli action run ci"
kadraman Feb 26, 2026
7f0c5e4
chore: updated after PR review
Feb 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 58 additions & 12 deletions devops-integrations/azure/azure-pipelines-fortify-sast-fod.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@
#
# The following task parameter must be defined
# - ReleaseId
#
Comment thread
kadraman marked this conversation as resolved.
Outdated
# The following pipeline variables must be defined:
# - FOD_URL
# - FOD_CLIENT_ID
# - FOD_CLIENT_SECRET
# - FOD_RELEASE
# - FOD_PARENT_RELEASE
# - FOD_DEFAULT_OWNER

trigger:
- main
Expand All @@ -12,6 +20,9 @@ pool:
vmImage: ubuntu-latest

steps:
- checkout: self
persistCredentials: "true"
Comment thread
kadraman marked this conversation as resolved.
Outdated
clean: "true"
- task: Maven@3
inputs:
mavenPomFile: 'pom.xml'
Expand All @@ -24,16 +35,51 @@ steps:
mavenAuthenticateFeed: false
effectivePomSkip: false
sonarQubeRunAnalysis: false
- task: FortifyOnDemandStatic@8
#- task: FortifyOnDemandStatic@8
# inputs:
# FortifyProjects: '$(Build.Repository.LocalPath)'
# FodConnection: 'FoD_AMS' # create Azure DevOps Service connection with name FoD_AMS
# ReleaseOptions: '0'
# ReleaseId: 00000 # update FoD RELEASE ID
# EntitlementSelection: '1'
# EntitlementPreference: '2'
# OverrideScanSettings: '2'
# InProgressScanActionType: '0'
# RemediationScanPreference: '2'
# BuildType: 'mvn'
# PolicyFailAction: '0'
- task: Bash@3
displayName: 'Install Fortify CLI via @fortify/setup'
inputs:
targetType: 'inline'
script: |
npx @fortify/setup bootstrap-config
npx @fortify/setup env init --tools=fcli:auto,sc-client:auto
npx @fortify/setup env ado
Comment thread
kadraman marked this conversation as resolved.
Outdated
- task: Bash@3
displayName: 'Run FoD CI Scan'
inputs:
FortifyProjects: '$(Build.Repository.LocalPath)'
FodConnection: 'FoD_AMS' # create Azure DevOps Service connection with name FoD_AMS
ReleaseOptions: '0'
ReleaseId: 00000 # update FoD RELEASE ID
EntitlementSelection: '1'
EntitlementPreference: '2'
OverrideScanSettings: '2'
InProgressScanActionType: '0'
RemediationScanPreference: '2'
BuildType: 'mvn'
PolicyFailAction: '0'
targetType: 'inline'
script: |
set -euo pipefail
echo "Running FoD CI Scan for release: ${FOD_RELEASE:-}"
fcli action run ci
env:
FOD_URL: $(FOD_URL)
FOD_CLIENT_ID: $(FOD_CLIENT_ID)
FOD_CLIENT_SECRET: $(FOD_CLIENT_SECRET)
FOD_RELEASE: "$(FOD_RELEASE)"
COPY_FROM_RELEASE: "$(FOD_PARENT_RELEASE)"
SAST_ASSESSMENT_TYPE: "Static Assessment"
SETUP_EXTRA_OPTS: '--sdlc-status Development --app-owner "$(FOD_DEFAULT_OWNER)"'
#PACKAGE_EXTRA_OPTS: ""
DO_SETUP: true
DO_SAST_SCAN: true
DO_AVIATOR_AUDIT: true
DO_SCA_SCAN: true
DO_WAIT: true
SAST_WAIT_EXTRA_OPTS: --timeout 2h
DO_POLICY_CHECK: true
DO_JOB_SUMMARY: true
DO_PR_COMMENT: true
DO_EXPORT: true