Update SSC pipeline to use "fcli action run ci" #55

Open
kadraman wants to merge 3 commits into main from azure-pipelines-ssc-update

@kadraman (Collaborator)

No description provided.

Copilot AI review requested due to automatic review settings February 26, 2026 16:29
kadraman requested a review from rsenden February 26, 2026 16:30
kadraman changed the title from 'Update FoD pipeline to use "fcli action run ci"' to 'Update SSC pipeline to use "fcli action run ci"' Feb 26, 2026

Copilot AI left a comment

Pull request overview

This PR modernizes the Azure DevOps pipeline for Fortify ScanCentral SAST by migrating from manual fcli command execution to a higher-level action-based approach using fcli action run ci. The update replaces the Docker container-based setup with dynamic tool installation via @fortify/setup and simplifies the scanning workflow.

Changes:

  • Replaced manual fcli session management and scan commands with fcli action run ci command
  • Updated environment variables from FCLI_DEFAULT_* pattern to simplified SSC_*, SC_SAST_TOKEN, and feature-specific variables
  • Introduced @fortify/setup for dynamic installation of fcli and sc-client tools instead of using pre-built Docker container
  • Added comprehensive DO_* flags for controlling scan behavior (setup, wait, summary, policy check, job summary, PR comment, export)
  • Commented out the old implementation for reference

kadraman requested a review from rsenden February 27, 2026 17:10

@github-actions github-actions bot left a comment

Fortify vulnerability summary

Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - azure-pipelines-ssc-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.

New Issues

  • No new or re-introduced issues were detected

Removed Issues

@github-actions github-actions bot left a comment

Fortify vulnerability summary

Any issues listed below are based on comparing the latest scan results against the previous scan results in FoD release fortify/IWA-Java - azure-pipelines-ssc-update. This is for informational purposes only and, depending on workflow, may not be an accurate representation of what issues will be introduced into or removed from the target branch when merging this PR.

New Issues

  • No new or re-introduced issues were detected

Removed Issues
