This repository was archived by the owner on Aug 13, 2025. It is now read-only.

Sarif - any way to parameterize the output file name? #74

@bwitonskiOT

Opening issue on behalf of Nikola Aleksandrov naleksandrov@opentext.com and ValueEdge ticket 11A1620012:

Hello team,

If we use the option "SSCToGitHub" the SARIF output is generated with the output file name as "gh-fortify-sast.sarif", this is fine and it is working as expected.

The Output file name is hard coded inside the file ".\config\SSCToGitHub.yml" like below:

...

sarif.output: ${export.dir}/gh-fortify-sast.sarif

...

Is there any way to parameterize the output file name?

The scenario will be like below:

PROJECTNAME="WebGoat"

Start loop for each VERSION in: "10, 20, 30, 40, 50"

Generate SARIF: java -jar FortifyVulnerabilityExporter.jar SSCToGitHub --ssc.baseUrl= --ssc.user= --ssc.password= --ssc.version.name="${PROJECTNAME}:${VERSION}"

Hint: the output file name should be generated with the name ${PROJECTNAME}_${VERSION}.sarif

End loop

After the loop, the below SARIF files should be created in the current folder.

WebGoat_10.sarif

WebGoat_20.sarif

WebGoat_30.sarif

WebGoat_40.sarif

WebGoat_50.sarif

Is it possible?
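
A wrapper for the loop described in the issue above, as an added example that is not part of the original issue or the project's own code: it runs the exporter once per version and renames the fixed-name output afterwards, refusing to rename a stale file when a run fails. `EXPORTER_CMD`, `EXPORT_DIR` and the `SSC_*` environment variables are assumed names, and `${export.dir}` is assumed to resolve to `EXPORT_DIR`.

```shell
#!/bin/sh
# Added example, not project code. EXPORTER_CMD, EXPORT_DIR and the SSC_*
# environment variables are hypothetical names chosen for this sketch.

# Command that runs the exporter; overridable so the loop can be tested with a stub.
EXPORTER_CMD="${EXPORTER_CMD:-java -jar FortifyVulnerabilityExporter.jar}"
# Directory that ${export.dir} resolves to (assumed here to be the current folder).
EXPORT_DIR="${EXPORT_DIR:-.}"
# Output name hard-coded in config/SSCToGitHub.yml, as quoted in the issue.
FIXED_NAME="gh-fortify-sast.sarif"

# export_versions PROJECT VERSION...
# Runs one export per version and renames the result to PROJECT_VERSION.sarif
# in the current folder.
export_versions() {
  local project version target
  project="$1"; shift
  for version in "$@"; do
    target="${project}_${version}.sarif"
    # Remove any leftover file so a failed run cannot be mistaken for fresh output.
    rm -f "${EXPORT_DIR}/${FIXED_NAME}"
    # EXPORTER_CMD is intentionally unquoted so it splits into command + arguments.
    # Credentials come from the environment instead of being written into the script.
    if ! $EXPORTER_CMD SSCToGitHub \
        --ssc.baseUrl="${SSC_BASE_URL}" \
        --ssc.user="${SSC_USER}" \
        --ssc.password="${SSC_PASSWORD}" \
        --ssc.version.name="${project}:${version}"; then
      echo "export failed for ${project}:${version}" >&2
      return 1
    fi
    # Only rename when the exporter actually produced a non-empty file.
    if [ ! -s "${EXPORT_DIR}/${FIXED_NAME}" ]; then
      echo "no SARIF output for ${project}:${version}" >&2
      return 1
    fi
    mv -- "${EXPORT_DIR}/${FIXED_NAME}" "${target}"
  done
}

# When arguments are given, run directly: ./export.sh WebGoat 10 20 30 40 50
if [ "$#" -gt 0 ]; then
  export_versions "$@"
fi
```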
