From 9e9473fe80d037f0813ff194e92c3d3b34c5b804 Mon Sep 17 00:00:00 2001
From: Rohit Baryha <72431329+rohitbaryha1@users.noreply.github.com>
Date: Sat, 9 Nov 2024 14:01:03 +0530
Subject: [PATCH 1/4] updated to fix fcli calls

---
 .../CloudFormationTemplate/fortify-sast-fod-buildspec.yml | 4 ++++
 .../fortify_sast_fod_cloudformation_template.yaml | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml
index 472422e..39bd315 100644
--- a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml
+++ b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify-sast-fod-buildspec.yml
@@ -19,6 +19,10 @@ phases:
  - echo "Entered the build phase..."
  - Region = ${AWS_REGION}
  - Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
+ - export FCLI_DEFAULT_FOD_URL=$FOD_URL
+ - export FCLI_DEFAULT_FOD_USER=$FOD_USER
+ - export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
+ - export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT
  - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && scancentral package -bt mvn -o package.zip -oss"
  - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && export FCLI_DEFAULT_FOD_URL=$FOD_URL && export FCLI_DEFAULT_FOD_USER=$FOD_USER && export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT && export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"
  - docker run --rm -u $(id -u):$(id -g) -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fcli:2.7.0 fcli fod session login
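Review bot: The second `docker run` on the new side still expands `$FOD_PAT` inside its double-quoted `sh -c "... export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT ..."` string, so the token is placed on the docker command line (and into anything that records argv) even though the four new `export FCLI_DEFAULT_FOD_*` lines now make it available through the environment. The third command already shows the safer shape; the inner export chain can be dropped and `-e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT` added to that `docker run` instead. The same applies to the matching hunk in fortify_sast_fod_cloudformation_template.yaml in this patch. Separately, the context lines `- Region = ${AWS_REGION}` and `- Account_Id = $(...)` are not assignments in sh (the spaces make `Region` the command name); patch 4/4 rewrites them in the CloudFormation template but leaves this buildspec untouched. The commands list continues past the hunk.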
diff --git a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
index 0382afc..e8bd19e 100644
--- a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
+++ b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
@@ -262,6 +262,10 @@ Resources:
  - fod_uploader_opts='-ep 2 -pp 0 -I 1 -apf'
  - Region = ${AWS_REGION}
  - Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
+ - export FCLI_DEFAULT_FOD_URL=$FOD_URL
+ - export FCLI_DEFAULT_FOD_USER=$FOD_USER
+ - export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
+ - export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT
  - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && scancentral package -bt mvn -o package.zip -oss"
  - docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && export FCLI_DEFAULT_FOD_URL=$FOD_URL && export FCLI_DEFAULT_FOD_USER=$FOD_USER && export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT && export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"
  - docker run --rm -u $(id -u):$(id -g) -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fcli:2.7.0 fcli fod session login

From 190d8cdd8d10e06b52acdb1e953bf2e2c92fd39d Mon Sep 17 00:00:00 2001
From: Rohit Baryha <72431329+rohitbaryha1@users.noreply.github.com>
Date: Sat, 9 Nov 2024 14:04:03 +0530
Subject: [PATCH 2/4] Update fortify_sast_fod_cloudformation_template.yaml

---
 .../fortify_sast_fod_cloudformation_template.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
index e8bd19e..a13beeb 100644
--- a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
+++ b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
@@ -387,7 +387,7 @@ Resources:
  # FunctionName: lambda_function
  Handler: index.lambda_handler
  Role : !GetAtt CleanupBucketOnDeleteLambdaRole.Arn
- Runtime: python3.7
+ Runtime: python3.11
  MemorySize: 128
  Timeout: 60
  #### Custom Lambda function for Fortify Parser

From 8fb0a6d11618780c2bdee276aa6c503a2d00d850 Mon Sep 17 00:00:00 2001
From: Rohit Baryha <72431329+rohitbaryha1@users.noreply.github.com>
Date: Sat, 9 Nov 2024 14:09:27 +0530
Subject: [PATCH 3/4] updared readme for AWS

---
 AWS/README.md | 4 ++--
 README.md | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/AWS/README.md b/AWS/README.md
index a3f2531..6139d08 100644
--- a/AWS/README.md
+++ b/AWS/README.md
@@ -1,5 +1,5 @@
 # AWS Templates
-AWS templates will help onboard applications with application security integration. Fortify platform support AWS Codestar services so DevOps teams will be able to directly leverage these templates as part of pipeline automation. AWS CodeStar service supports Continious Delivery using their own defined YML files during build and release.
+AWS templates will help onboard applications with application security integration. Fortify platform support AWS CodeBuild services so DevOps teams will be able to directly leverage these templates as part of pipeline automation. AWS CodeBuild service supports Continious Delivery using their own defined YML files during build and release.
 1. BuildSpec.yml : This template used to build and generate artifacts using AWS managed services. It depicts the CI process in DevSecOps framework.
@@ -7,7 +7,7 @@ AWS templates will help onboard applications with application security integrati
 2. AppSpec.yml : This template used to deploy the artifacts generated by the CI process. It depicts the CD process in DevSecOps framework.
-## Integrating Fortify with AWS CodeStar
+## Integrating Fortify with AWS CodeBuild
 Integrating Fortify with CI process is fairly simple pull and push switch using the templates given in the above folders. Fortify can be integrated using below steps.
 1. Identify your Fortify solution (Fortify on-premises or Fortify on Demand)
diff --git a/README.md b/README.md
index 33529d0..38e8c07 100644
--- a/README.md
+++ b/README.md
@@ -13,8 +13,7 @@
 Modern software delivery is synonymous with DevSecOps, meanwhile Software portfolios are in the midst of Cloud Transformation spanning cloud native, to lift-and-shift, and everything in between. Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality. Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to scale and cover the entire software development lifecycle. Fortify integrates into your existing development toolchain seamlessly, giving you the highest quality findings and remediation advice during every stage, creating more secure software. With Fortify, you don’t need to trade quality of results for speed.
-This project provides developers a collection of reference templates and implementations to enable seamless integration of Fortify tools with cloud native development. The entire project consist of pipeline as code and automated scripts to help integrate Foritfy in different public cloud providers such as Azure DevOps, AWS CodeStar, Google Cloud Platform and Oracle Cloud Infrastructure. In order to support developers and application security teams, we have created a templates which could help integrate Fortify static application security testing (SAST) and dynamic application security testing (DAST) into CI/CD pipelines faster and helps applications onboard faster.
-
+This project provides developers a collection of reference templates and implementations to enable seamless integration of Fortify tools with cloud native development. The entire project consist of pipeline as code and automated scripts to help integrate Foritfy in different public cloud providers such as Azure DevOps, AWS CodeBuild, Google Cloud Platform and Oracle Cloud Infrastructure.
 In order to support developers and application security teams, we have created a templates which could help integrate Fortify static application security testing (SAST) and dynamic application security testing (DAST) into CI/CD pipelines faster and helps applications onboard faster.

From 77c0829f8fd4687df8843b4255cfe25ac4f6c8d5 Mon Sep 17 00:00:00 2001
From: Rohit Baryha <72431329+rohitbaryha1@users.noreply.github.com>
Date: Sat, 9 Nov 2024 14:47:24 +0530
Subject: [PATCH 4/4] Update fortify_sast_fod_cloudformation_template.yaml

---
 .../fortify_sast_fod_cloudformation_template.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
index a13beeb..8b216d7 100644
--- a/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
+++ b/AWS/SAST/Java_Sample/CloudFormationTemplate/fortify_sast_fod_cloudformation_template.yaml
@@ -260,8 +260,8 @@ Resources:
  commands:
  - echo "Entered the build phase..."
  - fod_uploader_opts='-ep 2 -pp 0 -I 1 -apf'
- - Region = ${AWS_REGION}
- - Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
+ - Region='${AWS::Region}'
+ - Account_Id=$(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
  - export FCLI_DEFAULT_FOD_URL=$FOD_URL
  - export FCLI_DEFAULT_FOD_USER=$FOD_USER
  - export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
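Review bot: `Region='${AWS::Region}'` only becomes a region name if the enclosing BuildSpec string is wrapped in `!Sub` so that CloudFormation resolves the pseudo parameter; with a plain string, the single quotes hand the shell the literal text `${AWS::Region}`. The `BuildSpec:` key and any `!Sub` sit above the hunk, so this cannot be confirmed from here and is worth checking once against the rendered buildspec. If the template is not using `!Sub`, `Region=$AWS_REGION` (the CodeBuild-provided variable the removed line referred to) keeps the value resolved at build time. Whether `Region` and `Account_Id` are consumed later in the commands list is also outside the hunk.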