From 5f8adbe8bcecc78dadf059d5fb81eab1e09e4fe8 Mon Sep 17 00:00:00 2001
From: Mike Snowden <5297545+MikeTheSnowman@users.noreply.github.com>
Date: Thu, 24 Jul 2025 16:19:31 +1000
Subject: [PATCH] Add Fortify security scanning to CI/CD pipeline
---
 .github/workflows/ci.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d961eae243..c4ba2a9fa5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -461,4 +461,23 @@ jobs:
 git add .
 git commit -m "Update documentation for ${{ needs.build.outputs.release_tag }}"
 git push
-
\ No newline at end of file
+
+ fortify_scan:
+ name: Fortify Security Scan
+ needs: [docker, publishPages]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check-out source code
+ uses: actions/checkout@v4
+ - name: Run Fortify on Demand SCA Scan
+ uses: fortify/github-action@v2
+ with:
+ sast-scan: false
+ debricked-sca-scan: true
+ env:
+ FOD_URL: https://ams.fortify.com
+ FOD_TENANT: FranklinBank24
+ FOD_PAT: ${{ secrets.FOD_PAT }}
+ FOD_CLIENT_ID: ${{ secrets.FOD_CLIENT_ID }}
+ FOD_CLIENT_SECRET: ${{ secrets.FOD_CLIENT_SECRET }}
+ DEBRICKED_API_TOKEN: ${{ secrets.DEBRICKED_API_TOKEN }}
\ No newline at end of file
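Review bot: The `fortify/github-action@v2` step is handed four repository secrets through `env:` but is referenced by a mutable tag, so any change to what `v2` points at runs with `FOD_CLIENT_SECRET` and `DEBRICKED_API_TOKEN` in scope; pin it to an audited commit, e.g. `uses: fortify/github-action@FULL_COMMIT_SHA_PLACEHOLDER  # v2`. The new `fortify_scan` job declares no `permissions:`, so unless the workflow restricts the token outside this hunk it inherits the repository default; add `permissions:` with `contents: read` to the job, and `persist-credentials: false` under the checkout step so the token is not left in `.git/config` while the third-party action runs. Supplying both `FOD_PAT` and the `FOD_CLIENT_ID`/`FOD_CLIENT_SECRET` pair looks redundant; keep only the credential set the action actually consumes so fewer secrets are exposed to the step. Because the job `needs: [docker, publishPages]`, the scan appears to run only after images and pages have been published and therefore cannot gate a release, which is worth confirming as intended.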