From d810831ef83ce789f684b95d8eb7107bf9732df8 Mon Sep 17 00:00:00 2001 From: Seth Tisue Date: Mon, 14 Oct 2024 18:44:32 -0700 Subject: [PATCH] Fortify SCA 24.2.0 (was 23.1.1) (#23) * Fortify SCA 24.2.0 (was 23.1.1) * wip --- .github/workflows/fortify.yml | 16 ++++++++-------- fortify.sbt | 2 +- vulnerabilities.txt | 3 --- 3 files changed, 9 insertions(+), 12 deletions(-) diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml index e75f4ba..400334a 100644 --- a/.github/workflows/fortify.yml +++ b/.github/workflows/fortify.yml @@ -24,7 +24,7 @@ jobs: cache-name: fortify with: path: ./Fortify - key: fortify-23.1.1 + key: fortify-24.2.0 # https://github.com/gruntwork-io/fetch - uses: Homebrew/actions/setup-homebrew@master 
@@ -45,21 +45,21 @@ jobs: - name: Install Fortify run: | if [[ ! -d Fortify ]] ; then - GITHUB_OAUTH_TOKEN=${{secrets.FORTIFY_INSTALLER_TOKEN}} fetch --repo="https://github.com/lightbend/scala-fortify" --tag="23.1.1_linux_x64" --release-asset="Fortify_SCA_23.1.1_linux_x64.run" . - chmod +x Fortify_SCA_23.1.1_linux_x64.run + GITHUB_OAUTH_TOKEN=${{secrets.FORTIFY_INSTALLER_TOKEN}} fetch --repo="https://github.com/lightbend/scala-fortify" --tag="24.2.0_linux_x64" --release-asset="Fortify_SCA_24.2.0_linux_x64.run" . + chmod +x Fortify_SCA_24.2.0_linux_x64.run mkdir Fortify - echo installdir=`pwd`/Fortify/Fortify_SCA_23.1.1 > Fortify_SCA_23.1.1_linux_x64.run.options - echo fortify_license_path=`pwd`/fortify.license >> Fortify_SCA_23.1.1_linux_x64.run.options - ./Fortify_SCA_23.1.1_linux_x64.run --mode unattended + echo installdir=`pwd`/Fortify/Fortify_SCA_24.2.0 > Fortify_SCA_24.2.0_linux_x64.run.options + echo fortify_license_path=`pwd`/fortify.license >> Fortify_SCA_24.2.0_linux_x64.run.options + ./Fortify_SCA_24.2.0_linux_x64.run --mode unattended # download the Scala security rules; VersionTests makes sure they're the ones we expect - ./Fortify/Fortify_SCA_23.1.1/bin/fortifyupdate + ./Fortify/Fortify_SCA_24.2.0/bin/fortifyupdate fi - name: Test run: | sbt -DfortifyEnabled=true compile rm -f target/vulnerabilities-actual.txt - ./Fortify/Fortify_SCA_23.1.1/bin/sourceanalyzer \ + ./Fortify/Fortify_SCA_24.2.0/bin/sourceanalyzer \ -b sample \ -logfile target/scan.log \ -scan \ diff --git a/fortify.sbt b/fortify.sbt index 898ca9b..080ac30 100644 --- a/fortify.sbt +++ b/fortify.sbt @@ -20,7 +20,7 @@ ThisBuild / libraryDependencies ++= ( ThisBuild / scalacOptions ++= ( if (fortifyEnabled.value) - Seq("-P:fortify:scaversion=23.1", "-P:fortify:build=sample") + Seq("-P:fortify:scaversion=24.2", "-P:fortify:build=sample") else Seq() ) diff --git a/vulnerabilities.txt b/vulnerabilities.txt index 4bcc7f5..f1e37a8 100644 --- a/vulnerabilities.txt +++ b/vulnerabilities.txt 
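Review bot: The installer downloaded on the first added line of the Install Fortify step is made executable and run with `--mode unattended` without any integrity check, so a tampered or substituted `Fortify_SCA_24.2.0_linux_x64.run` release asset would be executed in the job before anything verifies it. Because the asset is pinned to a fixed tag, its digest can be pinned as well: add, between the fetch and the chmod, `echo "<expected sha256>  Fortify_SCA_24.2.0_linux_x64.run" | sha256sum -c -` (the digest of the published asset; not inferable from this diff). The later `fortifyupdate` download is at least cross-checked by VersionTests according to the comment, but the installer itself has no such check. As a smaller point of style, `${{secrets.FORTIFY_INSTALLER_TOKEN}}` is interpolated into the script text; exporting it through an `env:` block on the step keeps the secret out of the rendered shell script. The enclosing `jobs:` block starts before this hunk and the Test step's sourceanalyzer invocation continues past its end.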
@@ -5,6 +5,3 @@ subproject2/src/main/scala/Sample2.scala(5) : Random.nextInt()
 subproject1/src/main/scala/Sample1.scala(5) : ->ProcessBuilder.!(this)
 subproject1/src/main/scala/Sample1.scala(5) : <->ProcessImplicits.stringToProcess(0->return)
 subproject1/src/main/scala/Sample1.scala(4) : ->Sample1$.main(0)
-
-[BE79AAD699A3BCD5795C87E95E9B87ED : low : J2EE Bad Practices : Leftover Debug Code : structural ]
- subproject1/src/main/scala/Sample1.scala(4)