fortify / fcli

fcli is a command-line utility for interacting with various Fortify products
https://fortify.github.io/fcli/

Speed Dial on FLCI #619

Open Keeggo-AppSec opened 1 month ago

Keeggo-AppSec commented 1 month ago

Enhancement Request

Is it possible to configure Speed Dial through FCLI, or some other way to set scan arguments?

We need to use, through FCLI:

Security-focused Scan Policy: This scan policy omits results that are first and foremost code quality issues rather than security issues. By choosing scan policy "security",

Or

DevOps-focused Scan Policy: This scan policy aggressively suppresses results that are either not security related or have a high probability of being noise. Its primary use case is in Dev(Sec)Ops scenarios where speed is of the essence and developers directly review results coming from Fortify without an intermediate auditing step.

MikeTheSnowman commented 1 month ago

You'll want to wait for either @rsenden or @gendry-gh to chime in for a more definitive answer.

Currently, it's not possible to set either translation (targs) or scan arguments (sargs) when starting a sc-sast scan with FCLI. For that ER, we already have the existing GH issue #449.

When we do get around to implementing that, and providing that you're using ScanCentral SAST v23.1 or newer, it should be possible for you to set the -scan-precision or -p (speed dial) scan option.

rsenden commented 1 month ago

We've just committed some code changes to add support for the --sargs option on the fcli sc-sast scan start command, so once released (after some more testing), this should resolve this issue. You can already test this new feature using the dev_develop release of fcli, please let us know if you have any feedback.