Merge branch 'gitlab-debricked' of https://github.com/kadraman/Fortif…

…yVulnerabilityExporter into gitlab-debricked

� Conflicts:
�	README.md

.github/workflows/ci.yml

@@ -70,6 +70,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Update documentation resources
+        if: env.DO_BUILD
+        run: bash doc-resources/update-repo-docs.sh
+
       - name: Build release ${{env.RELEASE_VERSION}}
         if: env.DO_BUILD
         run: ./gradlew dist distThirdParty -Pversion=${{env.RELEASE_VERSION}}
@@ -139,4 +143,4 @@ jobs:
 
 
 
-
+

.github/workflows/update-repo-docs.yml

@@ -0,0 +1,25 @@
+name: doc-resource-updater
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 4 * * *'
+  push:
+    branches:
+      - main
+
+jobs:
+  update-repo-doc-resources:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        ref: ${{ github.head_ref }}
+
+    - name: Update documentation resources
+      run: bash doc-resources/update-repo-docs.sh
+
+    - uses: stefanzweifel/git-auto-commit-action@v4
+      with:
+        commit_message: 'docs: Auto-update documentation resources' 

CODE_OF_CONDUCT.md

@@ -0,0 +1,39 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+We as contributors and maintainers pledge to make participation in our project and community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity
+and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+Examples of behavior that contributes to a positive environment for our community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others’ private information, such as a physical or email address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+## Enforcement
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly. The project maintainers are obligated to respect the privacy and security of the reporter of any incident.
+
+## Attribution
+This Code of Conduct is adapted from the Contributor Covenant, version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. Community Impact Guidelines were inspired by Mozilla’s code of conduct enforcement ladder. For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
+
+---
+
+*This document was auto-generated from CODE_OF_CONDUCT.template.md; do not edit by hand*

CONTRIBUTING.md

@@ -0,0 +1,126 @@
+# Contributing to FortifyVulnerabilityExporter
+
+## Contribution Agreement
+
+Contributions like bug fixes and enhancements may be submitted through Pull Requests on this repository. Before we can accept 3<sup>rd</sup>-party pull requests, you will first need to sign and submit the [Micro Focus Contribution Agreement](https://github.com/fortify/repo-resources/raw/main/static/Open%20Source%20Contribution%20Agreement%20Jan2020v1.pdf). Please make sure to mention your GitHub username when submitting the form, to allow us to verify that the author of a pull request has accepted this agreement. 
+
+
+<!-- START-INCLUDE:repo-devinfo.md -->
+
+## Information for Developers
+
+The following sections provide information that may be useful for developers of FortifyVulnerabilityExporter.
+
+
+<!-- START-INCLUDE:devinfo/h3.release-please.md -->
+
+### Conventional commits & versioning
+
+Versioning is handled automatically by [`release-please-action`](https://github.com/google-github-actions/release-please-action) based on [Conventional Commits](https://www.conventionalcommits.org/). Every commit to the `main`
+branch should follow the Conventional Commits convention. Following are some examples; these can be combined in a single commit message (separated by empty lines), or you can have commit messages describing just a single fix or feature.
+
+```
+chore: Won't show up in changelog
+
+ci: Change to GitHub Actions workflow; won't show up in changelog
+
+docs: Change to documentation; won't show up in changelog
+
+fix: Some fix (#2)
+
+feat: New feature (#3)
+
+feat!: Some feature that breaks backward compatibility
+
+feat: Some feature
+  BREAKING-CHANGE: No longer supports xyz
+```
+
+See the output of `git log` to view some sample commit messages.
+
+`release-please-action` invoked from the GitHub CI workflow generates pull requests containing updated `CHANGELOG.md` and `version.txt` files based on these commit messages. Merging the pull request will result in a new release version being published; this includes publishing the image to Docker Hub, and creating a GitHub release describing the changes.
+
+<!-- END-INCLUDE:devinfo/h3.release-please.md -->
+
+
+
+<!-- START-INCLUDE:devinfo/h3.lombok.md -->
+
+### Lombok
+
+This project uses Lombok. Gradle builds will automatically handle Lombok annotations, but to have your IDE compile this project without errors, you may need to add Lombok support to your IDE. Please see https://projectlombok.org/setup/overview for more information.
+
+<!-- END-INCLUDE:devinfo/h3.lombok.md -->
+
+
+
+<!-- START-INCLUDE:devinfo/h3.gradle-wrapper.md -->
+
+### Gradle Wrapper
+
+It is strongly recommended to build this project using the included Gradle Wrapper scripts; using other Gradle versions may result in build errors and other issues.
+
+<!-- END-INCLUDE:devinfo/h3.gradle-wrapper.md -->
+
+
+
+<!-- START-INCLUDE:devinfo/p.gradle-helpers.md -->
+
+The Gradle build uses various helper scripts from https://github.com/fortify-ps/shared-gradle-helpers; please refer to the documentation and comments in included scripts for more information. 
+
+<!-- END-INCLUDE:devinfo/p.gradle-helpers.md -->
+
+
+### Common Commands
+
+All commands listed below use Linux/bash notation; adjust accordingly if you are running on a different platform. All commands are to be executed from the main project directory.
+
+* `./gradlew tasks --all`: List all available tasks
+* Build: (plugin binary will be stored in `build/libs`)
+	* `./gradlew clean build`: Clean and build the project
+	* `./gradlew build`: Build the project without cleaning
+	* `./gradlew dist distThirdParty`: Build distribution zip and third-party information bundle
+* `./fortify-scan.sh`: Run a Fortify scan; requires Fortify SCA to be installed
+
+### Plugin Development
+
+FortifyVulnerabilityExporter provides a plugin framework that allows for developing custom plugins that extend the functionality of FortifyVulnerabilityExporter. For example, custom plugins can load vulnerability data from some
+alternative source, or export vulnerability data to some alternative target.
+
+Instructions for implementing a plugin that can load vulnerability data:
+
+* Provide implementations for the following two interfaces interface defined in `FortifyVulnerabilityExporter-api`:
+    * `com.fortify.vulnexport.api.vuln.loader.IVulnerabilityLoaderFactory`
+    * `com.fortify.vulnexport.api.vuln.loader.IVulnerabilityLoader`
+* Rather than implementing these interfaces directly, implementations usually extend from the following abstract classes defined in `FortifyVulnerabilityExporter-spi-from`:
+    * `com.fortify.vulnexport.spi.source.vuln.loader.AbstractVulnerabilityLoaderFactory<C>`
+    * `com.fortify.vulnexport.spi.source.vuln.loader.AbstractVulnerabilityLoader`
+* The `IVulnerabilityLoaderFactory` implementation class needs to be annotated with Spring's `@Component` annotation
+* Implementations may re-use functionality and API's provided in both the `FortifyVulnerabilityExporter-spi-from` and 
+  `FortifyVulnerabilityExporter-api` projects
+
+Instructions for implementing a plugin that can export vulnerability data to another system or output format:
+
+* Provide implementations for the following two interfaces interface defined in `FortifyVulnerabilityExporter-api`:
+    * `com.fortify.vulnexport.api.vuln.consumer.IVulnerabilityConsumerFactory`
+    * `com.fortify.vulnexport.api.vuln.consumer.IVulnerabilityConsumer`
+* Rather than implementing these interfaces directly, implementations usually extend from the following abstract classes defined in `FortifyVulnerabilityExporter-spi-to`:
+    * `com.fortify.vulnexport.spi.target.vuln.consumer.AbstractVulnerabilityConsumerFactory<C>`
+    * `com.fortify.vulnexport.spi.source.vuln.consumer.AbstractVulnerabilityConsumer`
+* The `IVulnerabilityConsumerFactory` implementation class needs to be annotated with Spring's `@Component` annotation
+* Implementations may re-use functionality and API's provided in both the `FortifyVulnerabilityExporter-spi-to` and 
+  `FortifyVulnerabilityExporter-api` projects
+
+Plugins may define `compileOnly` dependencies in their `build.gradle` file to reference any dependencies that are
+(directly or transitively) defined as `implementation` or `runtimeOnly` dependencies in the main FortifyVulnerabilityExporter `build.gradle` file, for example the various `com.fortify.client.api:common-*` dependencies or `javax.validation:validation-api` dependency. 
+
+Plugins may define `implementation` dependencies in their `build.gradle` file to reference any dependencies that are not available through the main FortifyVulnerabilityExporter `build.gradle` file. Care must be taken that such dependencies (including their transitive dependencies) do not conflict with any of the dependencies already provided by FortifyVulnerabilityExporter.
+
+Plugins are added to the Java classpath using Spring Boot's [PropertyLauncher](https://docs.spring.io/spring-boot/docs/2.4.3/reference/html/appendix-executable-jar-format.html#executable-jar-property-launcher-features) feature.
+
+<!-- END-INCLUDE:repo-devinfo.md -->
+
+
+---
+
+*This document was auto-generated from CONTRIBUTING.template.md; do not edit by hand*

LICENSE.txt

@@ -0,0 +1,25 @@
+MIT License
+
+Copyright 2023 Micro Focus or one of its affiliates
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---
+
+*This document was auto-generated from LICENSE.MIT.template.txt; do not edit by hand*