Upgrade Fortify GitHub Action and checkout version

dylanbthomas · web-flow · commit 01f72fa381c2 · 2026-03-18T16:48:56.000-04:00
Updated Fortify workflow to use newer action versions and added additional scan options.
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
@@ -32,7 +32,7 @@ jobs:
     steps:
       # Check out source code
       - name: Check Out Source Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       # Java is required to run the various Fortify utilities. Ensuring proper version is installed on the runner.
       - name: Setup Java
@@ -42,19 +42,15 @@ jobs:
           distribution: 'temurin'
 
       # Perform Fortify on Demand SAST + SCA scan and import SAST results into GitHub code scanning alerts
-      - name: Run FoD SAST Scan
-        uses: fortify/github-action@v2
-        with:
-          sast-scan: true
-          debricked-sca-scan: true
+      - name: Run FoD SAST+SCA Scan
+        uses: fortify/github-action@v3
         env:
           FOD_URL: https://ams.fortify.com
           FOD_TENANT: ${{secrets.FOD_TENANT}}
           FOD_USER: ${{secrets.FOD_USER}}
           FOD_PASSWORD: ${{secrets.FOD_PAT}}
-          DO_EXPORT: true
-          DO_SETUP: true
-          SETUP_EXTRA_OPTS: --copy-from "${{ github.repository }}:${{ github.event.repository.default_branch }}"
-          DO_JOB_SUMMARY: true
-          DO_PR_COMMENT: true
+          DO_SCA_SCAN: true
+          DO_AVIATOR_AUDIT: true
+          COPY_FROM_RELEASE: "${{ github.repository }}:${{ github.event.repository.default_branch }}"
+          #DO_PR_COMMENT: true
           #DO_POLICY_CHECK: true
