Common Deployment Scenarios
Scenario 1 - Uploading a Fortify FPR with embedded source code
If you have a fortify FPR report with source code embedded, you can run an analysis through Bugsy without needing to connect to your repository. In this case, simply use the analyze mode and use -p (--src-path) and point it at the FPR file.
For example, let's say we a file call fortify.fpr that contains both the SAST report + Source code:
Explanation:
-f .\fortify.fprspecifies the location of the SAST report-p .\fortify.fprspecifies the location of the source code (in this case embedded in the FPR file)-r https://my_repo_urlspecifies the location of the actual repository. We encourage that this field is specified correctly, as it tells Mobb where the fix commits should go to.--api-key xxxxxxxspecify your API key here
Scenario 2 - Automatically create pull requests for trusted fixes
If you want Mobb to automatically generate pull requests for trusted fixes, you must first enable it under your Project Settings --> Fix Policy as shown here.
Explanation:
--auto-prwill tell Mobb to respect the fix policy as defined in the project settings and generate a pull request for the issue types where automatic PR is enabled in in the fix policy.
Scenario 3 - Automatically commit fixes to a target branch
If you want to enable automatic commit for trusted fixes, you must first enable it under your Project Settings --> Fix Policy, as shown here.
This scenario is typically reserved for directly committing the fixes to a development branch.
Explanation:
--auto-prwill tell Mobb to respect the fix policy as defined in the project settings--commit-directlywill tell Mobb that instead of generating a Pull Request, generate a commit on the branch specified by--ref dev
Last updated
Was this helpful?