feat: Add support for AWS Security Hub (#75)

Author: rohitbaryha1

FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-fod-sast.yml

@@ -0,0 +1,42 @@
+---
+spring.config.activate.on-loader-plugin: fod
+
+json.awshub.sast.filter.expr: vuln.scantype=='Static'
+json.awshub.sast.format:
+  fields:
+    issues: $[vulnerabilityMappers.issue.get()]
+  vulnerabilityMappers.issue.fields:
+    SchemaVersion: 2018-10-08
+    Id: $[vuln.releaseId]-$[vuln.id]
+    ProductArn: '--'
+    GeneratorId: '--'
+    ProductName: 'Fortify SAST'
+    CompanyName: OpenText
+    Types: "[ 'Software and Configuration Checks/Vulnerabilities/CVE' ]"
+    CreatedAt: $[#formatDateTimewithZoneIdAsUTC("yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'", release.staticScanDate?:'1970-01-01T00:00:00', release.serverZoneId)]
+    UpdatedAt: $[#formatDateTimewithZoneIdAsUTC("yyyy-MM-dd'T'HH:mm:ss.SSSSSS'Z'", release.staticScanSummary?.completedDateTime?:'1970-01-01T00:00:00', release.serverZoneId)]
+    Severity:
+        Original: $[vuln.severityString]
+        Normalized: $[{Critical:10.0,High:8.9,Medium:6.9,Low:3.9}.get(vuln.severityString)+'']
+    Title: $[vuln.category]
+    Description: $[#abbreviate(#htmlToText(vuln.all_data.details.summary).replaceAll(" ", " "),510)]
+    Remediation:
+        Recommendation:
+            Text: $[#abbreviate(#htmlToText(vuln.all_data.recommendations?.recommendations).replaceAll(" ", " "),510)]
+            Url: $[vuln.deepLink]
+    ProductFields:
+        Product Name: 'Fortify SAST'
+    Resources:
+        Type: Application
+        Id: $[vuln.releaseId]-$[vuln.id]
+        Partition: aws
+        Region: '--'
+        details:
+            Other:
+                APPLICATION: '$[vuln.releaseId]'
+                APPLICATION NAME: $[vuln.release.applicationName]
+                APPLICATION VERSION: $[vuln.release.releaseName]
+                PRIMARY LOCATION: $[vuln.primaryLocationFull]
+                LINE NUMBER: '$[vuln.lineNumber==0?1:vuln.lineNumber]'
+                INSTANCE ID: "$[vuln.instanceId]"
+    RecordState: ACTIVE

FortifyVulnerabilityExporter-plugin-to-json/src/main/resources/pluginConfig/json-aws-ssc-sast.yml

@@ -0,0 +1,43 @@
+---
+spring.config.activate.on-loader-plugin: ssc
+
+json.awshub.sast.filter.expr: vuln.engineType=='SCA'
+json.awshub.sast.format:
+  fields:
+    issues: $[vulnerabilityMappers.vulnerability.get()]
+  vulnerabilityMappers.vulnerability.fields:
+    SchemaVersion: 2018-10-08
+    Id: $[vuln.projectVersionId]-$[vuln.id]
+    ProductArn: '--'
+    GeneratorId: '--'
+    ProductName: 'Fortify SAST'
+    CompanyName: OpenText
+    Types: "[ 'Software and Configuration Checks/Vulnerabilities/CVE' ]"
+    CreatedAt: $[#formatDateTime("yyyy-MM-dd'T'HH:mm:ss", applicationVersion.currentStaticScan?.uploadDate?:'1970-01-01T00:00:00')]
+    UpdatedAt: $[#formatDateTime("yyyy-MM-dd'T'HH:mm:ss", applicationVersion.currentStaticScan?.uploadDate?:'1970-01-01T00:00:00')]
+    Severity:
+        Original: $[vuln.friority]
+        Normalized: $[{Critical:10.0,High:8.9,Medium:6.9,Low:3.9}.get(vuln.friority)+'']
+    Title: $[vuln.issueName]
+    Description: $[#abbreviate(#htmlToText(vuln.details?.brief).replaceAll(" ", " "),510)]
+    Remediation:
+        Recommendation:
+            Text: $[#abbreviate(#htmlToText(vuln.details?.recommendation).replaceAll(" ", " "),510)]
+            Url: $[vuln.deepLink]
+    ProductFields:
+        Product Name: 'Fortify SAST'
+    Resources:
+        Type: Application
+        Id: $[vuln.projectVersionId]-$[vuln.id]
+        Partition: aws
+        Region: '--'
+        details:
+            Other:
+                APPLICATION: '$[vuln.projectVersionId]'
+                APPLICATION NAME: $[vuln.applicationVersion.project.name]
+                APPLICATION VERSION: $[vuln.applicationVersion.name]
+                PRIMARY LOCATION: $[vuln.fullFileName]
+                LINE NUMBER: '$[vuln.lineNumber==0?1:vuln.lineNumber]'
+                INSTANCE ID: "$[vuln.instanceId]"
+    RecordState: ACTIVE
+  vulnerabilityMappers.vulnerability.value: $[vuln]

config/FoDToAWS.yml

@@ -0,0 +1,22 @@
+# See FortifyVulnerabilityExporter documentation for FoD connection settings and release selection
+    
+export:
+  from: fod
+  to: json.awshub.sast
+
+fod:
+  release:
+    embed:                           # Load static and dynamic scan summaries if available
+      - propertyName: staticScanSummary
+        uri: /api/v3/scans/{currentStaticScanId}/summary
+        embedIf: currentStaticScanId!=null
+  vulnerability:
+    filterParam: scantype:Static     # Have FoD return only static issues 
+    embed:                           # Load extra data, depending on what data you want to include in output
+      - subEntity: all-data
+
+export.dir: ${CI_PROJECT_DIR:${export.default.dir}} # Unless overridden, use CI_PROJECT_DIR if defined, otherwise default export dir
+json.awshub.sast.output:
+  stdout: false                      # Useful for debugging, disabled for optimal performance
+  pretty: true                       # Useful for debugging, disable for optimal performance
+  file:   ${export.dir}/awshub-fortify-sast.json

config/SSCToAWS.yml

@@ -0,0 +1,30 @@
+# See FortifyVulnerabilityExporter documentation for SSC connection settings and application version selection
+
+export:
+  from: ssc
+  to: json.awshub.sast
+
+ssc:
+  version:
+    embed:                           # Load static and dynamic scan summaries if available
+      - subEntity: currentStaticScan
+        onError: LOG_INFO
+      - propertyName: issueCountsSCA
+        subEntity: issueGroups
+        params:
+          filter: ISSUE[11111111-1111-1111-1111-111111111151]:SCA
+          groupingtype: 11111111-1111-1111-1111-111111111150
+      - propertyName: issueCounts
+        subEntity: issueGroups
+        params:
+          groupingtype: 11111111-1111-1111-1111-111111111150        
+  vulnerability:
+    filterParam: ISSUE[11111111-1111-1111-1111-111111111151]:SCA   # Have SSC return only SCA issues
+    embed:                                                         # Also load details as required for GitHub output
+      - subEntity: details     
+
+export.dir: ${CI_PROJECT_DIR:${export.default.dir}} # Unless overridden, use CI_PROJECT_DIR if defined, otherwise default export dir
+json.awshub.sast.output:
+  stdout: false                      # Useful for debugging, disabled for optimal performance
+  pretty: true                       # Useful for debugging, disable for optimal performance
+  file:   ${export.dir}/awshub-fortify-sast.json