From 150c1c57f25df4509613fa05ff4c5736cd28266d Mon Sep 17 00:00:00 2001
From: Mike Snowden <5297545+MikeTheSnowman@users.noreply.github.com>
Date: Wed, 23 Jul 2025 12:57:43 +1000
Subject: [PATCH] Add Fortify security scanning to CI/CD pipeline
---
 .github/workflows/ci.yml | 31 ++++++++++++++++++++++++++++++-
 1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d961eae243..ccc5b85a87 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -461,4 +461,33 @@ jobs:
 git add .
 git commit -m "Update documentation for ${{ needs.build.outputs.release_tag }}"
 git push
-
\ No newline at end of file
+
+ security_scan:
+ name: Fortify Security Scan
+ needs: build
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check-out source code
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+
+ - name: Run Fortify on Demand SCA Scan
+ uses: fortify/github-action@v2
+ with:
+ sast-scan: false
+ sca-scan: true
+ dast-scan: false
+ security-gateway-scan: false
+ debricked-sca-scan: false
+ env:
+ FOD_URL: https://ams.fortify.com
+ FOD_TENANT: FranklinBank24
+ FOD_PAT: ${{ secrets.FOD_PAT }}
+ FOD_CLIENT_ID: ${{ secrets.FOD_CLIENT_ID }}
+ FOD_CLIENT_SECRET: ${{ secrets.FOD_CLIENT_SECRET }}
+ DEBRICKED_API_TOKEN: ${{ secrets.DEBRICKED_API_TOKEN }}
\ No newline at end of file
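Review bot: The `fortify/github-action@v2` step is handed four repository secrets but is referenced by a mutable tag, so whatever that tag points to at run time executes with those credentials; pin it to a reviewed commit, e.g. `uses: fortify/github-action@<full-commit-sha>  # v2`. The new `security_scan` job also declares no `permissions:` block, and since an earlier job in this workflow runs `git push` the default token may be write-scoped (any workflow-level setting is outside the hunk), so add `permissions:` with `contents: read` under the job. `DEBRICKED_API_TOKEN` is exported even though `debricked-sca-scan` is `false`, and both `FOD_PAT` and the `FOD_CLIENT_ID`/`FOD_CLIENT_SECRET` pair are passed; keep only the credential set the enabled scan actually uses. It is also worth confirming the `with:` input names and the `FOD_PAT` variable against the action's `action.yml`, because GitHub only warns on unrecognised inputs and a misnamed one could leave the scan silently disabled.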