
Speed Dial on FCLI

Open Keeggo-AppSec opened this issue 1 year ago • 1 comments

Enhancement Request

Is it possible to configure Speed Dial through FCLI or some way to set scan arguments?

We need to use, through FCLI:

Security focused Scan Policy: This scan policy omits results that are first and foremost code quality rather than security issues. By choosing scan policy "security",

Or

DevOps focused Scan Policy: This scan policy aggressively suppresses results that are either not security related or have a high probability of being noise. Its primary use case is in Dev(Sec)Ops scenarios where speed is of the essence and developers directly review results coming from Fortify without an intermediate auditing step.

Keeggo-AppSec avatar Sep 30 '24 12:09 Keeggo-AppSec

You'll want to wait for either @rsenden or @gendry-gh to chime in for a more definitive answer.

Currently, it's not possible to set either translation (targs) or scan arguments (sargs) when starting a sc-sast scan with FCLI. For that ER, we already have the existing GH issue #449.

When we do get around to implementing that, and providing that you're using ScanCentral SAST v23.1 or newer, it should be possible for you to set the -scan-precision or -p (speed dial) scan option.

MikeTheSnowman avatar Sep 30 '24 14:09 MikeTheSnowman

We've just committed some code changes to add support for the --sargs option on the fcli sc-sast scan start command, so once released (after some more testing), this should resolve this issue. You can already test this new feature using the dev_develop release of fcli; please let us know if you have any feedback.

rsenden avatar Oct 24 '24 13:10 rsenden

The ability to specify scan arguments was added in fcli 2.8.0, so closing this issue.

rsenden avatar Dec 23 '24 12:12 rsenden