fortify / github-action

Fortify GitHub Actions

Environment variable inputs for SC_SAST_TOKEN and SC_SAST_SENSOR_VERSION for sc-sast-scan #23

Closed. crance closed this 8 months ago

crance commented 9 months ago

The sc-sast-scan section has some incorrect/missing inputs.

1. Replace SC_SAST_CLIENT_AUTH_TOKEN with SC_SAST_TOKEN.

If we inspect the code in /internal/sc-sast-login/action.yml, SC_SAST_CLIENT_AUTH_TOKEN is not being used. Instead, SC_SAST_TOKEN is being passed to fcli for client authentication.

https://github.com/fortify/github-action/blob/8b0076872ea5d24f27ebc292a84a1a76cb8179eb/internal/sc-sast-login/action.yml#L21

If we follow the documentation and do not pass in SC_SAST_TOKEN, we get the following error: [image]

2. SC_SAST_SENSOR_VERSION is required

When fcli invokes sc-sast scan start, it complains about a missing --sensor-version parameter: [image]

The code snippet passes SC_SAST_SENSOR_VERSION as a parameter to fcli, but it was undocumented in the README. https://github.com/fortify/github-action/blob/8b0076872ea5d24f27ebc292a84a1a76cb8179eb/sc-sast-scan/action.yml#L15

This is a sample of the correction made when calling sc-sast-scan@v1: [image]

GHA output: [image]

SC SAST in SSC (GMT+8 timezone): [image]
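The following workflow fragment is an added example, not code from the issue or from the fortify/github-action project. It shows the two corrections the report above describes: the client-auth token is supplied as SC_SAST_TOKEN (SC_SAST_CLIENT_AUTH_TOKEN is ignored by the sc-sast-login step, so a workflow that sets only that name fails authentication rather than silently scanning), and SC_SAST_SENSOR_VERSION is set because fcli's sc-sast scan start requires --sensor-version. The SSC_URL and SSC_TOKEN variables, the secret names, and the sensor version value 23.2 are assumptions for illustration and are not taken from this issue; check the project README for the full input list. Tokens are read from GitHub secrets so that they never appear as literals in the repository or in the job log.

```yaml
# Added example workflow (not the project's own code); SSC_URL, SSC_TOKEN,
# the secret names and the sensor version value are assumptions.
name: Fortify ScanCentral SAST

on:
  push:
    branches: [main]

jobs:
  sc-sast-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Run ScanCentral SAST scan
        uses: fortify/github-action/sc-sast-scan@v1
        env:
          # Assumed SSC connection settings; never hard-code these values.
          SSC_URL: ${{ secrets.SSC_URL }}
          SSC_TOKEN: ${{ secrets.SSC_TOKEN }}

          # Correct variable name per this issue: SC_SAST_TOKEN.
          # SC_SAST_CLIENT_AUTH_TOKEN (the old documented name) is not read
          # by internal/sc-sast-login/action.yml and would be ignored.
          SC_SAST_TOKEN: ${{ secrets.SC_SAST_TOKEN }}

          # Required: fcli's `sc-sast scan start` fails with a missing
          # --sensor-version error if this is not set. The value must match
          # the sensor version deployed in your ScanCentral environment.
          SC_SAST_SENSOR_VERSION: "23.2"
```

A quick way to confirm the variables actually reach the action is to watch the GHA log for the fcli sc-sast session login and scan start commands; an authentication error at login points at the token variable name, while a missing --sensor-version error points at SC_SAST_SENSOR_VERSION. Storing the token in a repository or environment secret also lets you rotate it centrally if a sensor or client credential is ever exposed.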

rsenden commented 8 months ago

Thanks for reporting this! The detailed information you provided made it easy to fix the documentation. The documentation has now been updated in the latest 1.2.0 release of the GitHub Action.