Merge Spring update changes (#18)

* Updating Spring Boot to 2.7.17. * User Registration Serialization. * GitHub Actions and Scripts
fortify-presales · Feb 6, 2024 · 2460400 · 2460400
1 parent c938604
commit 2460400
Show file tree

Hide file tree

Showing 21 changed files with 463 additions and 364 deletions.
diff --git a/.github/actions/gradle-fod-oss-scan/action.yml b/.github/actions/gradle-fod-oss-scan/action.yml
@@ -1,116 +1,116 @@
-name: "Gradle FoD OSS Scan (via Debricked)"
-description: "Runs a Fortify on Demand OSS SCA scan of a Gradle application"
-inputs:
-  working_directory:
-    required: false
-    description: "Relative directory (from root of repository) from where to run commands"
-    default: "."
-  fod_url:
-    required: false
-    description: "FoD API URI"
-    default: "https://ams.fortify.com"
-  fod_api_url:
-    required: false
-    description: "FoD API URI"
-    default: "https://api.ams.fortify.com"
-  fod_client_id:
-    required: true
-    description: "FoD API Client Id"
-  fod_client_secret:
-    required: true
-    description: "FoD API Client Secret"
-  fod_app_name:
-    required: true
-    description: "FoD Application Name"
-  fod_release_name:
-    required: true
-    description: "FoD Release Name"
-  fod_parent_release_name:
-    required: false
-    description: "FoD Parent Release Name"
-    default: "develop"
-  gradle_version:
-    required: false
-    description: "Version of Gradle to use"
-    default: "7.3"
-outputs:
-  fod_scan_id:
-    description: "FoD Scan Id"
-    value: ${{ steps.fod-oss-scan.outputs.fod_scan_id }}
-runs:
-  using: "composite"
-  steps:
-    # Java is required to run the various Fortify utilities.
-    # Setup JDK 11 on host
-    - uses: actions/setup-java@v3
-      with:
-        distribution: 'temurin'
-        java-version: '11'
-    # Install appropriate version of Gradle
-    - name: Setup Gradle
-      uses: gradle/gradle-build-action@v2
-      with:
-        gradle-version: ${{ inputs.gradle_version }}
-    # Install Fortify tools
-    - name: Setup Fortify tools
-      uses: fortify/github-action/setup@v1
-      with:
-        export-path: true
-        fcli: latest
-        sc-client: skip
-        fod-uploader: skip
-        vuln-exporter: latest
-        bugtracker-utility: skip
-    # Login to Fortify on Demand fcli session
-    - name: Login fcli
-      working-directory: ${{ env.BASE_DIR }}
-      shell: bash
-      run: |
-        fcli --version
-        fcli fod session login --url $FOD_API_URI --client-id $FOD_CLIENT_ID --client-secret $FOD_CLIENT_SECRET --session github-actions
-      env:
-        FOD_API_URI: ${{ inputs.fod_api_url }}
-        FOD_CLIENT_ID: ${{ inputs.fod_client_id }}
-        FOD_CLIENT_SECRET: ${{ inputs.fod_client_secret }}
-    # Create a new Fortify on Demand release for GitHub branch
-    - name: Create FoD release
-      id: create-release
-      working-directory: ${{ env.BASE_DIR }}
-      shell: bash
-      run: |
-        fcli fod release list --app "$FOD_APP_NAME" --session github-actions
-        echo fcli fod release create "${FOD_APP_NAME}:${FOD_RELEASE_NAME}" --description "Created automatically from GitHub" --copy-from "${FOD_APP_NAME}:${FOD_PARENT_RELEASE_NAME}" --status Development --skip-if-exists -o expr="{releaseId}" --session github-actions
-        RELID=$(fcli fod release create "${FOD_APP_NAME}:${FOD_RELEASE_NAME}" --description "Created automatically from GitHub" --copy-from "${FOD_APP_NAME}:${FOD_PARENT_RELEASE_NAME}" --status Development --skip-if-exists -o expr="{releaseId}" --session github-actions)
-        echo "::debug::Created/Using fod_release_id=${RELID}"
-        echo "release_id=${RELID}" >> $GITHUB_OUTPUT
-      env:
-        FOD_APP_NAME: ${{ inputs.fod_app_name }}
-        FOD_RELEASE_NAME: ${{ inputs.fod_release_name }}
-        FOD_PARENT_RELEASE_NAME: ${{ inputs.fod_parent_release_name }}
-    # Create dependencies "lock" file
-    # TODO: use debricked CLI
-    - name: Create dependencies lock file + package
-      shell: bash
-      run: |
-        rm -f package.zip
-        curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
-        ./debricked resolve
-        zip package *.lock
-    # Start Fortify on Demand OSS scan and wait until results complete.
-    - name: Perform FoD OSS scan
-      id: fod-oss-scan
-      working-directory: ${{ env.BASE_DIR }}
-      shell: bash
-      run: |
-        fcli fod oss-scan start --release "${FOD_RELEASE_NAME}" -f $PACKAGE_FILE --store curScan --session github-actions
-        sleep 10
-        echo "fod_scan_id=$(fcli util var get ::curScan::)" >> $GITHUB_OUTPUT
-        fcli fod oss-scan wait-for ::curScan:: --session github-actions
-      env:
-        PACKAGE_FILE: "package.zip"
-        FOD_RELEASE_NAME: ${{ format('{0}:{1}', inputs.fod_app_name, inputs.fod_release_name) }}
-    # Logout/Close Fortify on Demand fcli session
-    - name: Logout fcli
-      shell: bash
-      run: |
-        fcli fod session logout --session github-actions
+name: "Gradle FoD OSS Scan (via Debricked)"
+description: "Runs a Fortify on Demand OSS SCA scan of a Gradle application"
+inputs:
+  working_directory:
+    required: false
+    description: "Relative directory (from root of repository) from where to run commands"
+    default: "."
+  fod_url:
+    required: false
+    description: "FoD API URI"
+    default: "https://ams.fortify.com"
+  fod_api_url:
+    required: false
+    description: "FoD API URI"
+    default: "https://api.ams.fortify.com"
+  fod_client_id:
+    required: true
+    description: "FoD API Client Id"
+  fod_client_secret:
+    required: true
+    description: "FoD API Client Secret"
+  fod_app_name:
+    required: true
+    description: "FoD Application Name"
+  fod_release_name:
+    required: true
+    description: "FoD Release Name"
+  fod_parent_release_name:
+    required: false
+    description: "FoD Parent Release Name"
+    default: "main"
+  gradle_version:
+    required: false
+    description: "Version of Gradle to use"
+    default: "7.3"
+outputs:
+  fod_scan_id:
+    description: "FoD Scan Id"
+    value: ${{ steps.fod-oss-scan.outputs.fod_scan_id }}
+runs:
+  using: "composite"
+  steps:
+    # Java is required to run the various Fortify utilities.
+    # Setup JDK 11 on host
+    - uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '11'
+    # Install appropriate version of Gradle
+    - name: Setup Gradle
+      uses: gradle/gradle-build-action@v2
+      with:
+        gradle-version: ${{ inputs.gradle_version }}
+    # Install Fortify tools
+    - name: Setup Fortify tools
+      uses: fortify/github-action/setup@v1.1.0
+      with:
+        export-path: true
+        fcli: latest
+        sc-client: skip
+        fod-uploader: skip
+        vuln-exporter: latest
+        bugtracker-utility: skip
+    # Login to Fortify on Demand fcli session
+    - name: Login fcli
+      working-directory: ${{ env.BASE_DIR }}
+      shell: bash
+      run: |
+        fcli --version
+        fcli fod session login --url $FOD_API_URI --client-id $FOD_CLIENT_ID --client-secret $FOD_CLIENT_SECRET --session github-actions
+      env:
+        FOD_API_URI: ${{ inputs.fod_api_url }}
+        FOD_CLIENT_ID: ${{ inputs.fod_client_id }}
+        FOD_CLIENT_SECRET: ${{ inputs.fod_client_secret }}
+    # Create a new Fortify on Demand release for GitHub branch
+    - name: Create FoD release
+      id: create-release
+      working-directory: ${{ env.BASE_DIR }}
+      shell: bash
+      run: |
+        fcli fod release list --app "$FOD_APP_NAME" --session github-actions
+        echo fcli fod release create "${FOD_APP_NAME}:${FOD_RELEASE_NAME}" --description "Created automatically from GitHub" --copy-from "${FOD_APP_NAME}:${FOD_PARENT_RELEASE_NAME}" --status Development --skip-if-exists -o expr="{releaseId}" --session github-actions
+        RELID=$(fcli fod release create "${FOD_APP_NAME}:${FOD_RELEASE_NAME}" --description "Created automatically from GitHub" --copy-from "${FOD_APP_NAME}:${FOD_PARENT_RELEASE_NAME}" --status Development --skip-if-exists -o expr="{releaseId}" --session github-actions)
+        echo "::debug::Created/Using fod_release_id=${RELID}"
+        echo "release_id=${RELID}" >> $GITHUB_OUTPUT
+      env:
+        FOD_APP_NAME: ${{ inputs.fod_app_name }}
+        FOD_RELEASE_NAME: ${{ inputs.fod_release_name }}
+        FOD_PARENT_RELEASE_NAME: ${{ inputs.fod_parent_release_name }}
+    # Create dependencies "lock" file
+    # TODO: use debricked CLI
+    - name: Create dependencies lock file + package
+      shell: bash
+      run: |
+        rm -f package.zip
+        curl -L https://github.com/debricked/cli/releases/latest/download/cli_linux_x86_64.tar.gz | tar -xz debricked
+        ./debricked resolve
+        zip package *.lock
+    # Start Fortify on Demand OSS scan and wait until results complete.
+    - name: Perform FoD OSS scan
+      id: fod-oss-scan
+      working-directory: ${{ env.BASE_DIR }}
+      shell: bash
+      run: |
+        fcli fod oss-scan start --release "${FOD_RELEASE_NAME}" -f $PACKAGE_FILE --store curScan --session github-actions
+        sleep 10
+        echo "fod_scan_id=$(fcli util var get ::curScan::)" >> $GITHUB_OUTPUT
+        fcli fod oss-scan wait-for ::curScan:: --session github-actions
+      env:
+        PACKAGE_FILE: "package.zip"
+        FOD_RELEASE_NAME: ${{ format('{0}:{1}', inputs.fod_app_name, inputs.fod_release_name) }}
+    # Logout/Close Fortify on Demand fcli session
+    - name: Logout fcli
+      shell: bash
+      run: |
+        fcli fod session logout --session github-actions