add fortify workflow to github actions (#121)

belezanaweb · Sep 6, 2021 · 096b9cf · 096b9cf
1 parent 58478a7
commit 096b9cf
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
@@ -0,0 +1,42 @@
+name: Fortify
+
+on:
+  push:
+    branches: [master]
+
+jobs:
+  fortify:
+    runs-on: [self-hosted, devsecops]
+    name: Fortify
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Checkout Application & Version Action
+        run: git clone [email protected]:grupoboticario/fortify-action-api.git .github/fortify-action-api
+      - name: Checkout SAST Assessment Action
+        run: git clone [email protected]:grupoboticario/fortify-action-sast.git .github/fortify-action-sast
+      - name: Import Secrets
+        uses: hashicorp/[email protected]
+        with:
+          url: https://heimdall.grupoboticario.digital
+          token: ${{ secrets.FORTIFY_VAULT_TOKEN }}
+          secrets: |
+            fortify/secrets/gbaction userf ;
+            fortify/secrets/gbaction citoken ;
+            fortify/secrets/gbaction scancentral
+      - name: Create Application & Version
+        uses: ./.github/fortify-action-api
+        id: fortify_api
+        with:
+          api_credentials: '${{ env.USERF }}'
+          application_name: '${{ github.repository }}'
+          application_version: 'master'
+      - name: SAST
+        uses: ./.github/fortify-action-sast
+        id: SAST
+        with:
+          application_name: '${{ github.repository }}'
+          application_version: 'master'
+          client_token: '${{ env.SCANCENTRAL }}'
+          ci_token: '${{ env.CITOKEN }}'
+          language_profile: other