When using fcli to submit scan requests from CI-specific integrations like fortify/github-action, we'd like to be able to specify the following scan attributes:
Method = CICD
Tool = GitHub Action
Tool Version = GitHub Action version
However, currently fcli doesn't provide options for overriding these attributes. Once implemented, we'll want to update the GitHub Action to utilize this.
Just wondering whether it's a good idea to allow anyone to override these, potentially making troubleshooting more difficult if people start specifying arbitrary tool names/versions. Maybe these options should be hidden?