Introduction to fcli (Fortify Command Line Interface utility)
- Published 10 Jul 2024
- In this video, Jan Wienand, Fortify Presales Consultant, gives an overview of the Fortify Command Line Interface utility.
-Timestamps-
00:00 Intro
00:54 What’s FCLI
02:18 Use Cases
07:24 How to install and use it
09:17 Useful Tips
GitHub Project: github.com/fortify-ps/fcli
Releases: github.com/fortify-ps/fcli/re...
Documentation: fortify-ps.github.io/fcli/
LEARN MORE about Fortify: www.microfocus.com/en-us/cybe...
LEARN MORE about how Micro Focus was named a leader in the Gartner MQ for Application Security Testing: software.microfocus.com/en-us...
CONNECT with the Fortify Online Community: community.microfocus.com/t5/F...
- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips
Science & Technology
How can we integrate fcli into a CI/CD pipeline to break the pipeline?
For example, if we currently send the scan to Fortify SSC using ScanCentral, how would they use fcli to get the results and break the build if it contains Critical vulnerabilities?
# Log in to SSC with a token; variables are expected to be set by the pipeline
fcli ssc session login -t "$SSC_TOKEN" --url "$SSC_URL"
# Query the issue count for the application version and pull the first visible count from the JSON output
FAIL_CONDITION=$(fcli ssc appversion-vuln count --appversion "$SSC_APP_NAME:$SSC_APP_VERSION" -o json | jq ".[0]|.visibleCount")
# Fail the stage when any open critical vulnerabilities are reported
if [ "$FAIL_CONDITION" -gt 0 ]
then
    echo "$SSC_APP_NAME:$SSC_APP_VERSION has $FAIL_CONDITION open critical vulnerabilities. Pipeline failure criteria met."
    exit 1
else
    echo "$SSC_APP_NAME:$SSC_APP_VERSION passed pipeline failure criteria."
fi
This works for me on Linux.
Hey JJ, you could use "fcli ssc appversion-vuln count --appversion {:} -q id=Critical -o expr={totalCount}" to get the "raw" number of critical findings and then create a little mechanism to break the pipeline ("if the number of findings is more than X") using built-in CI/CD tools (this depends on the tool you're using).
Thanks for your response, Jan!
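A gate function for the approach in the two replies above, written as an added example rather than code from the video, the commenters or the fcli project. It assumes the count is obtained with the `-o expr={totalCount}` command from Jan's reply and adds the one thing both snippets lack: an empty or non-numeric count (expired session, network error, wrong app version name) fails the stage instead of silently passing it.

```shell
#!/bin/sh
# evaluate_gate COUNT [THRESHOLD]
#   COUNT     - number of critical findings, e.g. the output of
#               fcli ssc appversion-vuln count ... -q id=Critical -o expr={totalCount}
#   THRESHOLD - maximum number of critical findings tolerated (default 0)
# Exit status: 0 = pass, 1 = threshold exceeded, 2 = count unreadable (fail closed)
evaluate_gate() {
  count=$(printf '%s' "$1" | tr -d '[:space:]')   # strip any trailing newline
  threshold="${2:-0}"
  # Fail closed: anything that is not a plain non-negative integer is an error,
  # not a pass. A failed fcli login or query typically yields empty output here.
  case "$count" in
    ''|*[!0-9]*)
      echo "gate: could not read a numeric finding count ('$count'); failing closed" >&2
      return 2 ;;
  esac
  if [ "$count" -gt "$threshold" ]; then
    echo "gate: $count critical findings exceed threshold $threshold" >&2
    return 1
  fi
  echo "gate: $count critical findings within threshold $threshold"
  return 0
}

# Pipeline usage (not executed here; requires fcli installed and an SSC session).
# APP_VERSION, SSC_TOKEN and SSC_URL are assumed pipeline variables:
#   fcli ssc session login -t "$SSC_TOKEN" --url "$SSC_URL"
#   COUNT=$(fcli ssc appversion-vuln count --appversion "$APP_VERSION" \
#             -q id=Critical -o expr={totalCount} 2>/dev/null)
#   evaluate_gate "$COUNT" 0 || exit $?
```

Use `2>/dev/null` on the fcli call only if you log the error elsewhere; otherwise keep stderr so the reason for a fail-closed result is visible in the job log.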