Closed PedroGarciaOT closed 2 weeks ago
Hey @PedroGarciaOT , this was one of the primary use cases that fcli's action
capability is meant to address.
Please have a look at the sample policy with `fcli fod action get check-policy`.
For usage in your pipeline, you'd just run:
fcli fod action run check-policy --release <appName>:<versionName>
And if you're doing this on a micro-service release:
fcli fod action run check-policy --release <appName>:<microserviceName>:<versionName>
The general idea here is that you can customize, then make your custom policy available to other people and pipelines via the action capability: https://fortify.github.io/fcli/v2.7.1/#_actions
That will work for now.
Enhancement Request
It would be great to have a boolean command that would tell me if the project is compliant or not.
For Fortify on Demand, it would be nice if the security gate matches the compliance requirements and star rating of the policy assigned to the application.
My suggestion for FoD is: fcli fod security-gate-check --release='ReleaseId'
For Fortify Software Security Center, it would be nice if the security gate replaced the need to use expressions to check the issue count is greater than zero or the need to use a custom query to get a boolean value to fail the pipeline.
My suggestion for SSC is:
fcli ssc security-gate-check --version='AppVersionId'