From d13971ef025f71cd84849740b65f7b7c6eb08f6a Mon Sep 17 00:00:00 2001
From: Sangamesh Vijaykumar
Date: Sun, 29 Mar 2026 20:32:24 +0530
Subject: [PATCH] fcli actions for IDE
---
.../cli/fod/actions/zip/release-issues.yaml | 47 +++++++++
.../ssc/actions/zip/appversion-issues.yaml | 51 ++++++++++
...aviator-apply-remediations-appversion.yaml | 95 +++++++++++++++++++
.../actions/zip/aviator-audit-appversion.yaml | 77 +++++++++++++++
.../zip/sourceanalyzer-local-scan.yaml | 86 +++++++++++++++++
5 files changed, 356 insertions(+)
create mode 100644 fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml
create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml
create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml
create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml
create mode 100644 fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml
diff --git a/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml
new file mode 100644
index 0000000000..48ef969a77
--- /dev/null
+++ b/fcli-core/fcli-fod/src/main/resources/com/fortify/cli/fod/actions/zip/release-issues.yaml
@@ -0,0 +1,47 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) List issues for FoD release
+ description: |
+ This action lists issues for the given FoD release and writes the output as JSON
+ to stdout, stderr, or a file.
+
+config:
+ output: immediate
+ rest.target.default: fod
+
+cli.options:
+ release:
+ names: --release, --rel
+ description: Required release id or :[:]
+ required: true
+ query:
+ names: --query, -q
+ description: Optional issue query expression
+ required: false
+ embed:
+ names: --embed
+ description: Optional comma-separated embedded data to include
+ required: false
+ include:
+ names: --include
+ description: Optional comma-separated include flags
+ required: false
+ file:
+ names: --file, -f
+ description: Output target (stdout, stderr, or file path)
+ required: false
+ default: stdout
+
+steps:
+ - run.fcli:
+ issues:
+ cmd: fod issue ls --rel "${cli.release}" ${#opt("-q", cli.query)} ${#opt("--embed", cli.embed)} ${#opt("--include", cli.include)}
+ records.collect: true
+
+ - out.write:
+ ${cli.file}: ${issues.records}
+
+ - if: ${!{'stdout','stderr'}.contains(cli.file)}
+ log.info: Output written to ${cli.file}
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml
new file mode 100644
index 0000000000..a788159c9f
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/appversion-issues.yaml
@@ -0,0 +1,51 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) List issues for SSC application version
+ description: |
+ This action lists issues for the given SSC application version and writes the output
+ as JSON to stdout, stderr, or a file.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or :
+ required: true
+ filterset:
+ names: --filterset, --fs
+ description: Optional filter set name or id
+ required: false
+ query:
+ names: --query, -q
+ description: Optional issue query expression
+ required: false
+ embed:
+ names: --embed
+ description: Optional comma-separated embedded data to include
+ required: false
+ include:
+ names: --include
+ description: Optional comma-separated include flags
+ required: false
+ file:
+ names: --file, -f
+ description: Output target (stdout, stderr, or file path)
+ required: false
+ default: stdout
+
+steps:
+ - run.fcli:
+ issues:
+ cmd: ssc issue ls --av "${cli.appversion}" ${#opt("--fs", cli.filterset)} ${#opt("-q", cli.query)} ${#opt("--embed", cli.embed)} ${#opt("--include", cli.include)}
+ records.collect: true
+
+ - out.write:
+ ${cli.file}: ${issues.records}
+
+ - if: ${!{'stdout','stderr'}.contains(cli.file)}
+ log.info: Output written to ${cli.file}
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml
new file mode 100644
index 0000000000..726d2ca12a
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-apply-remediations-appversion.yaml
@@ -0,0 +1,95 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) Apply Aviator remediations from SSC appversion to source code
+ description: |
+ This action applies Aviator auto-remediations to source code for a given SSC application version.
+ If --artifact is not provided, the action first runs Aviator audit to generate and upload an
+ audited artifact, then applies remediations from that artifact.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+ run.fcli.status.log.default: true
+ run.fcli.status.check.default: true
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or :
+ required: true
+ sourceDir:
+ names: --source-dir, -s
+ description: Source code directory where remediations should be applied
+ required: false
+ default: .
+ artifact:
+ names: --artifact
+ description: Optional existing SSC artifact id; if specified, audit step is skipped
+ required: false
+ app:
+ names: --app
+ description: Optional Aviator application name override for audit step
+ required: false
+ tagMapping:
+ names: --tag-mapping
+ description: Optional path to tag-mapping YAML file for audit step
+ required: false
+ prepare:
+ names: --prepare
+ description: Run aviator ssc prepare for the specified appversion before audit
+ required: false
+ type: boolean
+ default: false
+ noFilterset:
+ names: --no-filterset
+ description: Ignore SSC filter set during audit step
+ required: false
+ type: boolean
+ default: false
+ filterset:
+ names: --filterset, --fs
+ description: Optional filter set name or id for audit step
+ required: false
+ refresh:
+ names: --refresh
+ description: Refresh SSC metrics before auditing
+ required: false
+ type: boolean
+ default: true
+ refreshTimeout:
+ names: --refresh-timeout
+ description: Refresh timeout, for example 60s, 5m, 1h
+ required: false
+ default: 60s
+ skipWait:
+ names: --skip-wait
+ description: Skip waiting for SSC artifact processing after audit upload
+ required: false
+ type: boolean
+ default: false
+
+steps:
+ - var.set:
+ auditArtifactStoreVar: aviator_remediate_${#action.runID().replace('-','_')}
+
+ - if: ${#isBlank(cli.artifact) && cli.prepare}
+ run.fcli:
+ PREPARE: aviator ssc prepare --av "${cli.appversion}"
+
+ - if: ${#isBlank(cli.artifact)}
+ run.fcli:
+ AUDIT:
+ cmd: aviator ssc audit --av "${cli.appversion}" ${#opt("--app", cli.app)} ${#opt("--tag-mapping", cli.tagMapping)} ${cli.noFilterset?"--no-filterset":""} ${#opt("--fs", cli.filterset)} --refresh=${cli.refresh} --refresh-timeout="${cli.refreshTimeout}" --store ${auditArtifactStoreVar}
+
+ - if: ${#isBlank(cli.artifact) && !cli.skipWait}
+ run.fcli:
+ WAIT: ssc artifact wait-for ::${auditArtifactStoreVar}::
+
+ - var.set:
+ remediationArtifactRef: ${#isBlank(cli.artifact)?'::'+auditArtifactStoreVar+'::':cli.artifact}
+
+ - run.fcli:
+ APPLY_REMEDIATIONS:
+ cmd: aviator ssc apply-remediations --artifact "${remediationArtifactRef}" --source-dir "${cli.sourceDir}"
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml
new file mode 100644
index 0000000000..d6f9bfb060
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/aviator-audit-appversion.yaml
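Review bot: In aviator-apply-remediations-appversion.yaml, passing `--skip-wait` without `--artifact` skips the WAIT step, yet APPLY_REMEDIATIONS still runs against `::${auditArtifactStoreVar}::`, so remediations may be requested for an artifact that SSC has not finished processing. Skipping the wait is harmless in the audit-only action, but here a later step depends on the uploaded artifact. Either drop `skipWait` from this action or gate the wait only on whether the audit ran, `- if: ${#isBlank(cli.artifact)}`. Because the action rewrites files under `--source-dir`, which defaults to `.`, the usage description should also state that files are modified in place, so a caller does not run it from an unintended directory.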
@@ -0,0 +1,77 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) Run Aviator audit for SSC application version
+ description: |
+ This action runs Aviator audit for a single SSC application version,
+ optionally prepares Aviator tags first, and waits for uploaded artifact processing.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+ run.fcli.status.log.default: true
+ run.fcli.status.check.default: true
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or :
+ required: true
+ app:
+ names: --app
+ description: Optional Aviator application name override
+ required: false
+ tagMapping:
+ names: --tag-mapping
+ description: Optional path to tag-mapping YAML file
+ required: false
+ prepare:
+ names: --prepare
+ description: Run aviator ssc prepare for the specified appversion before auditing
+ required: false
+ type: boolean
+ default: false
+ noFilterset:
+ names: --no-filterset
+ description: Ignore SSC filter set during auditing
+ required: false
+ type: boolean
+ default: false
+ filterset:
+ names: --filterset, --fs
+ description: Optional filter set name or id
+ required: false
+ refresh:
+ names: --refresh
+ description: Refresh SSC metrics before auditing
+ required: false
+ type: boolean
+ default: true
+ refreshTimeout:
+ names: --refresh-timeout
+ description: Refresh timeout, for example 60s, 5m, 1h
+ required: false
+ default: 60s
+ skipWait:
+ names: --skip-wait
+ description: Skip waiting for SSC artifact processing after audit upload
+ required: false
+ type: boolean
+ default: false
+
+steps:
+ - var.set:
+ artifactStoreVar: aviator_audit_${#action.runID().replace('-','_')}
+
+ - if: ${cli.prepare}
+ run.fcli:
+ PREPARE: aviator ssc prepare --av "${cli.appversion}"
+
+ - run.fcli:
+ AUDIT:
+ cmd: aviator ssc audit --av "${cli.appversion}" ${#opt("--app", cli.app)} ${#opt("--tag-mapping", cli.tagMapping)} ${cli.noFilterset?"--no-filterset":""} ${#opt("--fs", cli.filterset)} --refresh=${cli.refresh} --refresh-timeout="${cli.refreshTimeout}" --store ${artifactStoreVar}
+
+ - if: ${!cli.skipWait}
+ run.fcli:
+ WAIT: ssc artifact wait-for ::${artifactStoreVar}::
diff --git a/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml
new file mode 100644
index 0000000000..2c65da53ba
--- /dev/null
+++ b/fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml
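Review bot: In aviator-audit-appversion.yaml, `--no-filterset` and `--filterset` can both be supplied, and the AUDIT command then carries `--no-filterset` together with `--fs`, leaving it to the underlying command to pick one or fail with a less specific message. A guard step ahead of AUDIT would make the conflict explicit, for example `- if: ${cli.noFilterset && !#isBlank(cli.filterset)}` followed by `throw: --no-filterset and --filterset cannot be combined` (assuming the `throw` step is available in this schema version). The AUDIT step in aviator-apply-remediations-appversion.yaml builds the same command and would need the same guard.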
@@ -0,0 +1,86 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+ header: (PREVIEW) Run local SourceAnalyzer scan and upload to SSC
+ description: |
+ This action performs a local Fortify SourceAnalyzer scan against the given source directory,
+ writes an FPR file, and optionally uploads the resulting artifact to SSC.
+
+config:
+ output: immediate
+ rest.target.default: ssc
+ run.fcli.status.log.default: true
+ run.fcli.status.check.default: true
+
+cli.options:
+ appversion:
+ names: --appversion, --av
+ description: SSC application version id or : to upload scan results to
+ required: true
+ sourceDir:
+ names: --source-dir, -s
+ description: Source directory to scan
+ required: false
+ default: .
+ buildId:
+ names: --build-id, -b
+ description: SourceAnalyzer build id
+ required: false
+ default: fcli-local-scan
+ fprFile:
+ names: --fpr-file, -f
+ description: Output FPR file path
+ required: false
+ default: sourceanalyzer.fpr
+ sourceAnalyzerVersion:
+ names: --sourceanalyzer-version, -v
+ description: |
+ SourceAnalyzer version, installation path, latest, or auto.
+ Defaults to SOURCEANALYZER_HOME or SOURCEANALYZER_VERSION env vars, then auto.
+ required: false
+ default: ${#ifBlank(#env('SOURCEANALYZER_HOME'),#ifBlank(#env('SOURCEANALYZER_VERSION'),'auto'))}
+ toolDefinitions:
+ names: --tool-definitions
+ description: Custom tool definitions for resolving SourceAnalyzer versions and download URLs
+ required: false
+ upload:
+ names: --upload
+ description: Upload generated FPR to SSC
+ required: false
+ type: boolean
+ default: true
+ skipWait:
+ names: --skip-wait
+ description: Skip waiting for SSC artifact processing after upload
+ required: false
+ type: boolean
+ default: false
+ extraTranslateOpts:
+ names: --extra-translate-opts
+ description: Extra options to pass to the SourceAnalyzer translate phase
+ required: false
+ extraScanOpts:
+ names: --extra-scan-opts
+ description: Extra options to pass to the SourceAnalyzer scan phase
+ required: false
+
+steps:
+ - var.set:
+ resolvedFprFile: ${#resolveAgainstCurrentWorkDir(cli.fprFile)}
+ artifactStoreVar: sa_local_scan_${#action.runID().replace('-','_')}
+
+ - run.fcli:
+ SETUP_TOOLS: fcli tool env init "--tools=sourceanalyzer:${cli.sourceAnalyzerVersion}" ${#opt("--tool-definitions", cli.toolDefinitions)}
+ TRANSLATE:
+ cmd: fcli tool sourceanalyzer run --workdir ${cli.sourceDir} -- -b "${cli.buildId}" ${cli.extraTranslateOpts}
+ SCAN:
+ cmd: fcli tool sourceanalyzer run --workdir ${cli.sourceDir} -- -b "${cli.buildId}" -scan -f "${resolvedFprFile}" ${cli.extraScanOpts}
+
+ - if: ${cli.upload}
+ run.fcli:
+ UPLOAD: fcli ssc artifact upload --av "${cli.appversion}" -f "${resolvedFprFile}" --store ${artifactStoreVar}
+
+ - if: ${cli.upload && !cli.skipWait}
+ run.fcli:
+ WAIT: fcli ssc artifact wait-for ::${artifactStoreVar}::
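Review bot: `--workdir ${cli.sourceDir}` is unquoted in both the TRANSLATE and SCAN commands, while the other user-supplied values in this file are quoted. A source directory containing a space is therefore split, and the remainder is parsed as further fcli arguments; write `--workdir "${cli.sourceDir}"` in both commands. TRANSLATE also passes no file specifier, and no step cleans the build session for the shared default build id `fcli-local-scan`. If SourceAnalyzer keeps earlier translation data under that id, SCAN may pick up results from a previous run of another project and upload them to the given appversion. That is worth confirming; if so, add a `-clean` run for `"${cli.buildId}"` before TRANSLATE and give the translate phase a default file argument.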