populate.ps1
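Write-Host "Fortify Population script"

# Import some supporting functions
Import-Module $PSScriptRoot\modules\FortifyFunctions.psm1 -Scope Global -Force
Set-PSPlatform

# Import local environment specific settings.
# The .env file is resolved next to this script, like the certificates, artifacts and
# plugins directories below. Reading it from the caller's current directory would let
# whatever .env happens to be there decide which server receives the admin credentials.
# The file holds credentials and a client auth token: keep it out of version control
# and readable only by the operator.
$EnvFile = Join-Path $PSScriptRoot -ChildPath ".env"
if (-not (Test-Path -LiteralPath $EnvFile -PathType Leaf)) { throw "$EnvFile not found" }

# Lines starting with '#' are dropped, the rest is parsed as KEY=VALUE pairs.
# ConvertFrom-StringData treats the backslash as an escape character, so a value that
# contains a literal backslash (a password, a Windows path) must be written as '\\'.
$EnvSettings = ConvertFrom-StringData -StringData (
    Get-Content -LiteralPath $EnvFile |
        Where-Object { -not $_.StartsWith('#') } |
        Out-String
)

$SSC_ADMIN_USER = $EnvSettings['SSC_ADMIN_USER']
$SSC_ADMIN_PASSWORD = $EnvSettings['SSC_ADMIN_PASSWORD']
$SSC_URL = $EnvSettings['SSC_URL']
$SCSAST_URL = $EnvSettings['SCSAST_URL']
$CLIENT_AUTH_TOKEN = $EnvSettings['CLIENT_AUTH_TOKEN']

# The admin/admin fallback is kept for existing demo setups, but it is made visible:
# an instance that still accepts this default pair must not be reachable by anyone else.
if ([string]::IsNullOrEmpty($SSC_ADMIN_USER)) {
    Write-Warning "SSC_ADMIN_USER is not set in .env file; falling back to 'admin'"
    $SSC_ADMIN_USER = "admin"
}
if ([string]::IsNullOrEmpty($SSC_ADMIN_PASSWORD)) {
    Write-Warning "SSC_ADMIN_PASSWORD is not set in .env file; falling back to the default password"
    $SSC_ADMIN_PASSWORD = "admin"
}

# Every URL and token used for the logins below must be present; stop before any
# command runs with a missing value.
if ([string]::IsNullOrEmpty($SSC_URL)) { throw "SSC_URL needs to be set in .env file" }
if ([string]::IsNullOrEmpty($SCSAST_URL)) { throw "SCSAST_URL needs to be set in .env file" }
if ([string]::IsNullOrEmpty($CLIENT_AUTH_TOKEN)) { throw "CLIENT_AUTH_TOKEN needs to be set in .env file" }

# Directories shipped alongside this script.
$CertDir = "$($PSScriptRoot)\certificates"
$TrustStore = Join-Path $CertDir -ChildPath "ssc-service.jks"
$ArtifactsDir = "$($PSScriptRoot)\artifacts"
$PluginsDir = "$($PSScriptRoot)\plugins"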
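# Point fcli at the JKS trust store that holds the SSC service certificate.
# NOTE(review): "changeit" is the stock Java keystore password. A trust store holds only
# public certificates, so this protects integrity rather than secrecy; still, whoever can
# write this file decides which servers fcli trusts.
fcli config truststore set -f $TrustStore -p changeit -t jks

# Log in to SSC as the admin user.
# NOTE(review): -k turns off TLS certificate validation, which defeats the trust store
# configured above: the admin password would be sent to any endpoint answering on
# $SSC_URL. Drop -k once the certificate in the trust store validates.
# NOTE(review): -p puts the password on the command line, where process listings and
# command-line audit logging can capture it. Prefer a way of supplying it that keeps it
# out of argv if the installed fcli version offers one (to be confirmed).
fcli ssc session login --url $SSC_URL -k -u $SSC_ADMIN_USER -p $SSC_ADMIN_PASSWORD
if ($LASTEXITCODE -ne 0) {
    # A native command that fails does not stop a PowerShell script. Without this check
    # the commands that follow would run without the session this login was meant to
    # create, possibly against a session left over from an earlier run (fcli appears to
    # keep sessions between invocations; to be confirmed).
    throw "fcli ssc session login failed with exit code $LASTEXITCODE"
}

# Log in to ScanCentral SAST with the client auth token; the -k and argv notes above
# apply to this command as well.
fcli sc-sast session login --ssc-url $SSC_URL --ctrl-url $SCSAST_URL -k -c $CLIENT_AUTH_TOKEN
if ($LASTEXITCODE -ne 0) {
    # Only warn: the remaining active steps in this script use the SSC session.
    Write-Warning "fcli sc-sast session login failed with exit code $LASTEXITCODE"
}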
# Note: this only seems to work once
# The parser plugin jar is taken from the plugins directory next to this script and is
# loaded by SSC once installed, so it should come from a trusted source and be checked
# against the publisher's checksum before it is placed there.
Write-Host "Installing Plugins ..."
$PluginJarName = "fortify-ssc-23.2+-parser-debricked-cyclonedx-1.1.0.jar"
$PluginFile = Join-Path -Path $PluginsDir -ChildPath $PluginJarName
fcli ssc plugin install -f $PluginFile
Write-Host "Creating Applications and Versions ..."
# Application version -> issue template. Each version is created with
# --auto-required-attrs and --skip-if-exists, in the order listed.
$AppVersionTemplates = [ordered]@{
    'IWA-Java:1.0'   = 'Prioritized-HighRisk-Project-Template'
    'IWA-DotNet:1.0' = 'Prioritized-HighRisk-Project-Template'
    'ZeroBank:1.0'   = 'Prioritized-HighRisk-Project-Template'
    'EightBall:1.0'  = 'Prioritized-LowRisk-Project-Template'
}
foreach ($AppVersion in $AppVersionTemplates.GetEnumerator()) {
    fcli ssc appversion create $AppVersion.Key --auto-required-attrs --issue-template $AppVersion.Value --skip-if-exists
}
Write-Host "Uploading example artifiacts ..."
# SAST and DAST results for IWA-Java:1.0: each FPR is uploaded and then approved through
# the ::myArtifact:: reference stored by the upload. The wait-for step is disabled, so
# approval is requested straight after the upload returns.
foreach ($FprName in @("IWA-Java-1.0.fpr", "IWA-Java-1.0-DAST.fpr")) {
    $ArtifactFile = Join-Path $ArtifactsDir -ChildPath $FprName
    fcli ssc artifact upload --appversion="IWA-Java:1.0" -f $ArtifactFile --progress=auto --store=myArtifact
    #fcli ssc artifact wait-for ::myArtifact:: --until="REQUIRE_AUTH"
    fcli ssc artifact approve ::myArtifact::
}

# SBOM archive for the same application version.
# NOTE(review): the archive is uploaded twice, first without an engine type and then as
# DEBRICKED. Both uploads store into myArtifact, so only the second one is approved
# below; confirm that the first upload is intended.
$ArtifactFile = Join-Path $ArtifactsDir -ChildPath "IWA-Java-1.0-SBOM.zip"
fcli ssc artifact upload --appversion="IWA-Java:1.0" -f $ArtifactFile --progress=auto --store=myArtifact
fcli ssc artifact upload --appversion="IWA-Java:1.0" -f $ArtifactFile --progress=auto --engine-type DEBRICKED --store=myArtifact
#fcli ssc artifact wait-for ::myArtifact:: --until="REQUIRE_AUTH"
fcli ssc artifact approve ::myArtifact::
# Disabled: ScanCentral SAST scan of the EightBall package.
# NOTE(review): if this is re-enabled, the scan command passes the relative path
# artifacts/EightBall-1.0.mbs instead of the $ArtifactFile computed on the line before it.
#Write-Host "Starting ScanCentral SAST scan ..."
#$ArtifactFile = Join-Path $ArtifactsDir -ChildPath "EightBall-1.0.mbs"
#fcli sc-sast scan start -m artifacts/EightBall-1.0.mbs --publish-to "EightBall:1.0" --store curScan
#fcli sc-sast scan wait-for ::curScan::

# End both sessions, ScanCentral SAST first and then SSC.
# These are the last statements of the script and are not wrapped in try/finally, so a
# terminating error earlier in the run leaves both sessions logged in.
foreach ($Module in @('sc-sast', 'ssc')) {
    fcli $Module session logout
}