Support for build failure criteria for FoD SAST and open source scans #34
Comments
|
@fortifysoftware, there are several internal discussions (not necessarily related to fcli/GitHub Action) regarding the ability to break the build or avoid pull requests from being merged based on certain criteria. Even though this seems like a simple question, there are many aspects to be considered to properly implement something like this. I'll share some details on this by email. As for the open source issue counts, we shouldn't be doing such calculations on the client side; maybe FoD introduces yet another scan type in the future, causing such calculations to show inaccurate numbers. Please submit an FoD enhancement request to get OSS issue counts added in REST responses. |
|
@fortifysoftware We've recently introduced 'fcli actions' that allow for running customizable operations, one of the use cases is to provide a customizable |
|
Implemented in latest 1.3.0 release |
There currently doesn't seem to be a way to specify build failure criteria for FoD SAST and open source scans. (For instance, fail the build if any critical SAST or OSS issues are detected.) Are there any plans to add this feature any time soon?
Related to this, I've noticed that the endpoint
GET /api/v3/releases/{releaseId}, for whichfcli fod rel get {releaseId}relies, lacks open source issue counts. However, they can easily be deduced with some simple arithmetic. For example:ossCritical = critical - staticCritical - dynamicCritical - mobileCriticalThe text was updated successfully, but these errors were encountered: