Skip to content
This repository was archived by the owner on Aug 13, 2025. It is now read-only.

Commit 3fcf0fc

Browse files
rsendenrsenden
committed
fix: Fix GitLab instructions (fixes #30)
1 parent 73b912e commit 3fcf0fc

File tree

2 files changed

+24
-8
lines changed

2 files changed

+24
-8
lines changed

USAGE.md

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -428,9 +428,13 @@ The following sections describe how to use the `fortifydocker/fortify-vulnerabil
428428
The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter`
429429
Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from FoD to GitLab.
430430
431+
Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
432+
431433
```
432434
fortify_scanning:
433-
image: fortifydocker/fortify-vulnerability-exporter
435+
image:
436+
name: fortifydocker/fortify-vulnerability-exporter
437+
entrypoint: [""]
434438
variables:
435439
export_config: /config/FoDToGitLab.yml
436440
fod_baseUrl: https://ams.fortify.com
@@ -440,7 +444,7 @@ fortify_scanning:
440444
fod_release_name: MyApp:MyRelease
441445
# Or use fod_release_id: 1234
442446
script:
443-
- echo Script entry is required but not used
447+
- java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
444448
when: manual
445449
allow_failure: true
446450
artifacts:
@@ -458,17 +462,21 @@ As described in the [CI/CD Integration](#cicd-integration) section, you can opti
458462
459463
The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from SSC to GitLab.
460464
465+
Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
466+
461467
```
462468
fortify_scanning:
463-
image: fortifydocker/fortify-vulnerability-exporter
469+
image:
470+
name: fortifydocker/fortify-vulnerability-exporter
471+
entrypoint: [""]
464472
variables:
465473
export_config: /config/SSCToGitLab.yml
466474
ssc_baseUrl: ${SSC_BASE_URL}
467475
ssc_authToken: ${SSC_CI_TOKEN_DECODED}
468476
ssc_version_name: MyApp:MyVersion
469477
# Or use ssc_version_id: 1234
470478
script:
471-
- echo Script entry is required but not used
479+
- java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
472480
when: manual
473481
allow_failure: true
474482
artifacts:

doc-resources/repo-usage.md

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -425,9 +425,13 @@ The following sections describe how to use the `fortifydocker/fortify-vulnerabil
425425
The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter`
426426
Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from FoD to GitLab.
427427
428+
Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
429+
428430
```
429431
fortify_scanning:
430-
image: fortifydocker/fortify-vulnerability-exporter
432+
image:
433+
name: fortifydocker/fortify-vulnerability-exporter
434+
entrypoint: [""]
431435
variables:
432436
export_config: /config/FoDToGitLab.yml
433437
fod_baseUrl: https://ams.fortify.com
@@ -437,7 +441,7 @@ fortify_scanning:
437441
fod_release_name: MyApp:MyRelease
438442
# Or use fod_release_id: 1234
439443
script:
440-
- echo Script entry is required but not used
444+
- java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
441445
when: manual
442446
allow_failure: true
443447
artifacts:
@@ -455,17 +459,21 @@ As described in the [CI/CD Integration](#cicd-integration) section, you can opti
455459
456460
The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from SSC to GitLab.
457461
462+
Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
463+
458464
```
459465
fortify_scanning:
460-
image: fortifydocker/fortify-vulnerability-exporter
466+
image:
467+
name: fortifydocker/fortify-vulnerability-exporter
468+
entrypoint: [""]
461469
variables:
462470
export_config: /config/SSCToGitLab.yml
463471
ssc_baseUrl: ${SSC_BASE_URL}
464472
ssc_authToken: ${SSC_CI_TOKEN_DECODED}
465473
ssc_version_name: MyApp:MyVersion
466474
# Or use ssc_version_id: 1234
467475
script:
468-
- echo Script entry is required but not used
476+
- java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
469477
when: manual
470478
allow_failure: true
471479
artifacts:

0 commit comments

Comments
 (0)