feat: Add Debricked support for GitLab SCA Import (implements fortify#52 for GitLab)
kadraman committed Jan 31, 2023
1 parent 4e792c5 commit 796d05b
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions doc-resources/repo-usage.md
@@ -446,7 +446,7 @@ fortify_scanning:
dast: gl-fortify-dast.json
```
The configuration file `/config/FoDToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/FoDToGitLabSAST.yml` or `/config/FoDToGitLabDAST.yml` to output only a SAST or DAST report respectively. Note that contrary to the [SSC implementation](#ssc-to-gitlab), outputting Sonatype/dependency scanning
The configuration file `/config/FoDToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/FoDToGitLabSAST.yml` or `/config/FoDToGitLabDAST.yml` to output only a SAST or DAST report respectively. Note that contrary to the [SSC implementation](#ssc-to-gitlab), outputting Debricked or Sonatype dependency scanning
results from FoD is not yet supported.
As described in the [CI/CD Integration](#cicd-integration) section, you can optionally combine this with other Fortify tools to create a full workflow that scans your code and makes the results available on GitLab.
@@ -471,11 +471,12 @@ fortify_scanning:
artifacts:
reports:
sast: gl-fortify-sast.json
dast: gl-fortify-dast.json
dependency_scanning: gl-fortify-depscan.json
dependency_scanning: gl-fortify-debricked-depscan.json
# Or for Sonatype Nexus IQ use: gl-fortify-sonatype-depscan.json
```
The configuration file `/config/SSCToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/SSCToGitLabSAST.yml`, `/config/SSCToGitLabDAST.yml`, or `/config/SSCToGitLabSonatype.yml` to output only a SAST, DAST or Sonatype report respectively.
The configuration file `/config/SSCToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/SSCToGitLabSAST.yml`, `/config/SSCToGitLabDAST.yml`, `/config/SSCToGitLabDebricked.yml` or `/config/SSCToGitLabSonatype.yml`
to output only a SAST, DAST, Debricked SCA or Sonatype SCA report respectively.
As described in the [CI/CD Integration](#cicd-integration) section, you can optionally combine this with other Fortify tools to create a full workflow that scans your code and makes the results available on GitLab.
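Review bot: renaming the report file from `gl-fortify-depscan.json` to `gl-fortify-debricked-depscan.json` (and, per the comment, `gl-fortify-sonatype-depscan.json` for Nexus IQ) is a breaking change for any pipeline that already references the old name under `artifacts: reports: dependency_scanning`, so the rename should be called out in the release notes, and the prose should state which of the two file names `/config/SSCToGitLab.yml` actually writes, since the text says it "outputs all available GitLab reports" but the job can only declare one `dependency_scanning` report. A small style point on the same hunk: the new sentence listing `/config/SSCToGitLabDebricked.yml` is hard-wrapped mid-sentence ("...`/config/SSCToGitLabSonatype.yml`" / "to output only a SAST, DAST, Debricked SCA or Sonatype SCA report respectively."), while the neighbouring paragraphs keep one sentence per line; keeping it on one line would match the surrounding document.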
@@ -558,6 +559,7 @@ At the moment of writing, DefectDojo supports GitLab SAST and GitLab Dependency
* [Export FoD SAST results to a GitLab SAST report](#fod-to-gitlab) and import this report into DefectDojo
* [Export SSC SAST results to a GitLab SAST report](#ssc-to-gitlab) and import this report into DefectDojo
* [Export SSC Debricked results to a GitLab Dependency Scanning report](#ssc-to-gitlab) and import this report into DefectDojo
* [Export SSC Sonatype results to a GitLab Dependency Scanning report](#ssc-to-gitlab) and import this report into DefectDojo
* [Export other FoD or SSC results to CSV format](#csv-export) and import the CSV file into DefectDojo