This repository was archived by the owner on Aug 13, 2025. It is now read-only.

Sarif - any way to parameterize the output file name? #74

@bwitonskiOT

Opening issue on behalf of Nikola Aleksandrov naleksandrov@opentext.com and ValueEdge ticket 11A1620012:

Hello team,

If we use the option "SSCToGitHub", the SARIF output is generated with the output file name "gh-fortify-sast.sarif"; this is fine and it is working as expected.

The output file name is hard-coded inside the file ".\config\SSCToGitHub.yml", as below:

...

sarif.output: ${export.dir}/gh-fortify-sast.sarif

...

Is there any way to parameterize the output file name?

The scenario will be like below:

PROJECTNAME="WebGoat"

Start loop for each VERSION in: "10, 20, 30, 40, 50"

Generate SARIF: java -jar FortifyVulnerabilityExporter.jar SSCToGitHub --ssc.baseUrl= --ssc.user= --ssc.password= --ssc.version.name="${PROJECTNAME}:${VERSION}"

Hint: the output file name should be generated with the name ${PROJECTNAME}_${VERSION}.sarif

End loop

After the loop, the below SARIF files should be created in the current folder.

WebGoat_10.sarif

WebGoat_20.sarif

WebGoat_30.sarif

WebGoat_40.sarif

WebGoat_50.sarif

Is it possible?
