4 changes: 2 additions & 2 deletions AWS/README.md
@@ -1,13 +1,13 @@
# AWS Templates
AWS templates will help onboard applications with application security integration. Fortify platform support AWS Codestar services so DevOps teams will be able to directly leverage these templates as part of pipeline automation. AWS CodeStar service supports Continious Delivery using their own defined YML files during build and release.
AWS templates will help onboard applications with application security integration. Fortify platform support AWS CodeBuild services so DevOps teams will be able to directly leverage these templates as part of pipeline automation. AWS CodeBuild service supports Continious Delivery using their own defined YML files during build and release.


1. BuildSpec.yml : This template used to build and generate artifacts using AWS managed services. It depicts the CI process in DevSecOps framework.

2. AppSpec.yml : This template used to deploy the artifacts generated by the CI process. It depicts the CD process in DevSecOps framework.


## Integrating Fortify with AWS CodeStar
## Integrating Fortify with AWS CodeBuild
Integrating Fortify with CI process is fairly simple pull and push switch using the templates given in the above folders. Fortify can be integrated using below steps.

1. Identify your Fortify solution (Fortify on-premises or Fortify on Demand)
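Review bot: while the line is being rewritten for the CodeStar-to-CodeBuild rename, the wording errors that remain on it should go too: `Fortify platform support AWS CodeBuild services` should read `supports`, and `Continious Delivery` should be `Continuous Delivery`. It is also worth checking that `using their own defined YML files during build and release` still matches the two templates listed right below: CodeBuild consumes the BuildSpec.yml, whereas AppSpec.yml is consumed by CodeDeploy, so the sentence should not attribute both to CodeBuild.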
@@ -19,6 +19,10 @@ phases:
- echo "Entered the build phase..."
- Region = ${AWS_REGION}
- Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
- export FCLI_DEFAULT_FOD_URL=$FOD_URL
- export FCLI_DEFAULT_FOD_USER=$FOD_USER
- export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
- export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT
- docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && scancentral package -bt mvn -o package.zip -oss"
- docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && export FCLI_DEFAULT_FOD_URL=$FOD_URL && export FCLI_DEFAULT_FOD_USER=$FOD_USER && export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT && export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"
- docker run --rm -u $(id -u):$(id -g) -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fcli:2.7.0 fcli fod session login
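Review bot: the new `fcli fod session login` on the last line runs in its own `docker run --rm` container, so the session it creates is discarded together with the container unless fcli's data directory is persisted; the removed command kept `fcli fod session login`, `fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly` and `fcli fod session logout` inside a single `sh -c` for exactly that reason. If the scan start and logout follow in lines not shown here, make sure they execute in the same container invocation (or mount the fcli home directory into every invocation); otherwise the pipeline now only logs in and never submits a scan. Passing the credentials as bare `-e FCLI_DEFAULT_FOD_PASSWORD` (value taken from the exported environment) instead of interpolating `$FOD_PAT` into the `sh -c` string is an improvement: the old form put the token on the container's command line, where CodeBuild logs and `ps` could expose it. Two smaller points: the context lines `Region = ${AWS_REGION}` and `Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')` are not valid shell assignments (the spaces make `Region` and `Account_Id` command names), and the CloudFormation hunk in this PR fixes precisely that, so fix them here as well; and `fortifydocker/fortify-ci-tools:latest-jdk-17` on the packaging line is left unpinned while fcli is pinned to `2.7.0`, so pin both for reproducible builds.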
Expand Up @@ -260,8 +260,12 @@ Resources:
commands:
- echo "Entered the build phase..."
- fod_uploader_opts='-ep 2 -pp 0 -I 1 -apf'
- Region = ${AWS_REGION}
- Account_Id = $(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
- Region='${AWS::Region}'
- Account_Id=$(echo $CODEBUILD_BUILD_ARN | cut -f5 -d ':')
- export FCLI_DEFAULT_FOD_URL=$FOD_URL
- export FCLI_DEFAULT_FOD_USER=$FOD_USER
- export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT
- export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT
- docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && scancentral package -bt mvn -o package.zip -oss"
- docker run --rm -v $PWD:/data fortifydocker/fortify-ci-tools:latest-jdk-17 sh -c "cd /data && export FCLI_DEFAULT_FOD_URL=$FOD_URL && export FCLI_DEFAULT_FOD_USER=$FOD_USER && export FCLI_DEFAULT_FOD_PASSWORD=$FOD_PAT && export FCLI_DEFAULT_FOD_TENANT=$FOD_TENANT && fcli fod session login && fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip --remediation=NonRemediationScanOnly && fcli fod session logout"
- docker run --rm -u $(id -u):$(id -g) -v $PWD:/data -e FCLI_DEFAULT_FOD_URL -e FCLI_DEFAULT_FOD_USER -e FCLI_DEFAULT_FOD_PASSWORD -e FCLI_DEFAULT_FOD_TENANT fortifydocker/fcli:2.7.0 fcli fod session login
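Review bot: `Region='${AWS::Region}'` only works if this buildspec string sits under a `!Sub` in the template: the single quotes make it a shell literal, so without CloudFormation substitution the variable ends up holding the text `${AWS::Region}` rather than a region name. Confirm the enclosing block is a `!Sub`, and if it is, remember that `!Sub` also rewrites every other `${...}` in the script, so any shell-side `${VAR}` there must be written `${!VAR}` to survive. The same session concern applies here as in the buildspec: `fcli fod session login` runs in a throwaway `--rm` container, so the `fcli fod sast start --release=$FOD_RELEASE_ID --file=package.zip` and `fcli fod session logout` calls that the removed line chained after login must run in that same container or with the fcli data directory mounted, otherwise no scan is started. Finally, `fod_uploader_opts='-ep 2 -pp 0 -I 1 -apf'` in the context above belongs to the old FoD uploader and is consumed by nothing in this hunk now that fcli is used; drop it if nothing else in the template references it.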
@@ -383,7 +387,7 @@ Resources:
# FunctionName: lambda_function
Handler: index.lambda_handler
Role : !GetAtt CleanupBucketOnDeleteLambdaRole.Arn
Runtime: python3.7
Runtime: python3.11
MemorySize: 128
Timeout: 60
#### Custom Lambda function for Fortify Parser
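Review bot: bumping `Runtime: python3.7` to `python3.11` is warranted because the python3.7 Lambda runtime is deprecated, but the handler `index.lambda_handler` of this `CleanupBucketOnDeleteLambdaRole`-backed function should be checked against 3.11: inline code that relies on stdlib modules removed since 3.7 or on behaviour of the boto3 version bundled with the old runtime may break. The `#### Custom Lambda function for Fortify Parser` heading in the trailing context indicates a second function in this template; if it declares its own `Runtime`, it needs the same update, which this hunk does not cover.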
3 changes: 1 addition & 2 deletions README.md
@@ -13,8 +13,7 @@

Modern software delivery is synonymous with DevSecOps, meanwhile Software portfolios are in the midst of Cloud Transformation spanning cloud native, to lift-and-shift, and everything in between. Security must keep pace with the ‘everything-as-code’ era to transition from point of friction to enablement, without sacrificing quality. Fortify offers end-to-end application security solutions with the flexibility of testing on-premises and on-demand to scale and cover the entire software development lifecycle. Fortify integrates into your existing development toolchain seamlessly, giving you the highest quality findings and remediation advice during every stage, creating more secure software. With Fortify, you don’t need to trade quality of results for speed.

This project provides developers a collection of reference templates and implementations to enable seamless integration of Fortify tools with cloud native development. The entire project consist of pipeline as code and automated scripts to help integrate Foritfy in different public cloud providers such as Azure DevOps, AWS CodeStar, Google Cloud Platform and Oracle Cloud Infrastructure. In order to support developers and application security teams, we have created a templates which could help integrate Fortify static application security testing (SAST) and dynamic application security testing (DAST) into CI/CD pipelines faster and helps applications onboard faster.

This project provides developers a collection of reference templates and implementations to enable seamless integration of Fortify tools with cloud native development. The entire project consist of pipeline as code and automated scripts to help integrate Foritfy in different public cloud providers such as Azure DevOps, AWS CodeBuild, Google Cloud Platform and Oracle Cloud Infrastructure. In order to support developers and application security teams, we have created a templates which could help integrate Fortify static application security testing (SAST) and dynamic application security testing (DAST) into CI/CD pipelines faster and helps applications onboard faster.
<!-- END-INCLUDE:repo-intro.md -->


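Review bot: the rewritten paragraph still carries the typos from the old one: `Foritfy` should be `Fortify`, `The entire project consist of` should be `consists of`, and `we have created a templates which could help integrate` should be `we have created templates that help integrate`. Since the line is being replaced anyway, fix them here rather than leaving them for another PR.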