diff --git a/doc-resources/repo-usage.md b/doc-resources/repo-usage.md index 7ce731c..e6e32b9 100644 --- a/doc-resources/repo-usage.md +++ b/doc-resources/repo-usage.md @@ -446,7 +446,7 @@ fortify_scanning: dast: gl-fortify-dast.json ``` -The configuration file `/config/FoDToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/FoDToGitLabSAST.yml` or `/config/FoDToGitLabDAST.yml` to output only a SAST or DAST report respectively. Note that contrary to the [SSC implementation](#ssc-to-gitlab), outputting Sonatype/dependency scanning +The configuration file `/config/FoDToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/FoDToGitLabSAST.yml` or `/config/FoDToGitLabDAST.yml` to output only a SAST or DAST report respectively. Note that contrary to the [SSC implementation](#ssc-to-gitlab), outputting Debricked or Sonatype dependency scanning results from FoD is not yet supported. As described in the [CI/CD Integration](#cicd-integration) section, you can optionally combine this with other Fortify tools to create a full workflow that scans your code and makes the results available on GitLab. 
@@ -471,11 +471,12 @@ fortify_scanning: artifacts: reports: sast: gl-fortify-sast.json - dast: gl-fortify-dast.json - dependency_scanning: gl-fortify-depscan.json + dependency_scanning: gl-fortify-debricked-depscan.json + # Or for Sonatype Nexus IQ use: gl-fortify-sonatype-depscan.json ``` -The configuration file `/config/SSCToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/SSCToGitLabSAST.yml`, `/config/SSCToGitLabDAST.yml`, or `/config/SSCToGitLabSonatype.yml` to output only a SAST, DAST or Sonatype report respectively. +The configuration file `/config/SSCToGitLab.yml` used in this example outputs all available GitLab reports. Alternatively, you can use `/config/SSCToGitLabSAST.yml`, `/config/SSCToGitLabDAST.yml`, `/config/SSCToGitLabDebricked.yml` or `/config/SSCToGitLabSonatype.yml` +to output only a SAST, DAST, Debricked SCA or Sonatype SCA report respectively. As described in the [CI/CD Integration](#cicd-integration) section, you can optionally combine this with other Fortify tools to create a full workflow that scans your code and makes the results available on GitLab. @@ -558,6 +559,7 @@ At the moment of writing, DefectDojo supports GitLab SAST and GitLab Dependency * [Export FoD SAST results to a GitLab SAST report](#fod-to-gitlab) and import this report into DefectDojo * [Export SSC SAST results to a GitLab SAST report](#ssc-to-gitlab) and import this report into DefectDojo +* [Export SSC Debricked results to a GitLab Dependency Scanning report](#ssc-to-gitlab) and import this report into DefectDojo * [Export SSC Sonatype results to a GitLab Dependency Scanning report](#ssc-to-gitlab) and import this report into DefectDojo * [Export other FoD or SSC results to CSV format](#csv-export) and import the CSV file into DefectDojo
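Review bot: in the `@@ -471,11 +471,12` hunk, the `dast: gl-fortify-dast.json` line is removed from `artifacts: reports:`, but the paragraph right below still says `/config/SSCToGitLab.yml` "outputs all available GitLab reports" and still lists `/config/SSCToGitLabDAST.yml`. If dropping DAST from the SSC example is intended, the text should say why; otherwise restore the line. The example now uploads only `gl-fortify-debricked-depscan.json` and mentions the Sonatype file only in a comment, so a pipeline copied as-is will not upload `gl-fortify-sonatype-depscan.json`. Please state in the prose which report files `SSCToGitLab.yml` writes and that the `dependency_scanning` entry has to be set to the one in use. Minor: the reworded sentence is split across two `+` lines ("...`/config/SSCToGitLabSonatype.yml`" / "to output only..."), while the neighbouring paragraphs are kept on one line.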
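Review bot: in the `@@ -558,6 +559,7` hunk, the new Debricked bullet and the existing Sonatype bullet both link to `#ssc-to-gitlab` without saying which output file to import, and that section now shows the Debricked file as the default with Sonatype only in a comment. Suggest naming the report in each bullet (`gl-fortify-debricked-depscan.json` and `gl-fortify-sonatype-depscan.json`), or the matching config file (`/config/SSCToGitLabDebricked.yml`, `/config/SSCToGitLabSonatype.yml`), so a reader importing into DefectDojo picks the right artifact.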