Fortify SCA 24.2.0 (was 23.1.1) (#23)

* Fortify SCA 24.2.0 (was 23.1.1) * wip
lightbend-labs · Oct 15, 2024 · d810831 · d810831
1 parent 2fbd5eb
commit d810831
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 12 deletions.
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
@@ -24,7 +24,7 @@ jobs:
         cache-name: fortify
       with:
         path: ./Fortify
-        key: fortify-23.1.1
+        key: fortify-24.2.0
 
     # https://github.com/gruntwork-io/fetch
     - uses: Homebrew/actions/setup-homebrew@master
@@ -45,21 +45,21 @@ jobs:
     - name: Install Fortify
       run: |
         if [[ ! -d Fortify ]] ; then
-          GITHUB_OAUTH_TOKEN=${{secrets.FORTIFY_INSTALLER_TOKEN}} fetch --repo="https://github.com/lightbend/scala-fortify" --tag="23.1.1_linux_x64" --release-asset="Fortify_SCA_23.1.1_linux_x64.run" .
-          chmod +x Fortify_SCA_23.1.1_linux_x64.run
+          GITHUB_OAUTH_TOKEN=${{secrets.FORTIFY_INSTALLER_TOKEN}} fetch --repo="https://github.com/lightbend/scala-fortify" --tag="24.2.0_linux_x64" --release-asset="Fortify_SCA_24.2.0_linux_x64.run" .
+          chmod +x Fortify_SCA_24.2.0_linux_x64.run
           mkdir Fortify
-          echo installdir=`pwd`/Fortify/Fortify_SCA_23.1.1 > Fortify_SCA_23.1.1_linux_x64.run.options
-          echo fortify_license_path=`pwd`/fortify.license >> Fortify_SCA_23.1.1_linux_x64.run.options
-          ./Fortify_SCA_23.1.1_linux_x64.run --mode unattended
+          echo installdir=`pwd`/Fortify/Fortify_SCA_24.2.0 > Fortify_SCA_24.2.0_linux_x64.run.options
+          echo fortify_license_path=`pwd`/fortify.license >> Fortify_SCA_24.2.0_linux_x64.run.options
+          ./Fortify_SCA_24.2.0_linux_x64.run --mode unattended
           # download the Scala security rules; VersionTests makes sure they're the ones we expect
-          ./Fortify/Fortify_SCA_23.1.1/bin/fortifyupdate
+          ./Fortify/Fortify_SCA_24.2.0/bin/fortifyupdate
         fi
 
     - name: Test
       run: |
         sbt -DfortifyEnabled=true compile
         rm -f target/vulnerabilities-actual.txt
-        ./Fortify/Fortify_SCA_23.1.1/bin/sourceanalyzer \
+        ./Fortify/Fortify_SCA_24.2.0/bin/sourceanalyzer \
           -b sample \
           -logfile target/scan.log \
           -scan \

diff --git a/fortify.sbt b/fortify.sbt
@@ -20,7 +20,7 @@ ThisBuild / libraryDependencies ++= (
 
 ThisBuild / scalacOptions ++= (
   if (fortifyEnabled.value)
-    Seq("-P:fortify:scaversion=23.1", "-P:fortify:build=sample")
+    Seq("-P:fortify:scaversion=24.2", "-P:fortify:build=sample")
   else
     Seq()
 )
diff --git a/vulnerabilities.txt b/vulnerabilities.txt
@@ -5,6 +5,3 @@ subproject2/src/main/scala/Sample2.scala(5) : Random.nextInt()
 subproject1/src/main/scala/Sample1.scala(5) :  ->ProcessBuilder.!(this)
     subproject1/src/main/scala/Sample1.scala(5) : <->ProcessImplicits.stringToProcess(0->return)
     subproject1/src/main/scala/Sample1.scala(4) :  ->Sample1$.main(0)
-
-[BE79AAD699A3BCD5795C87E95E9B87ED : low : J2EE Bad Practices : Leftover Debug Code : structural ]
-    subproject1/src/main/scala/Sample1.scala(4)