s4sdk

What is expected to be hidden under the value of the fortifyBasicAuthId parameter of the fortifyScan pipeline stage?


I'm adapting the S/4 SDK pipeline for our project and would like to introduce a Fortify scan stage within the pipeline.

Here I could find parameters that the fortifyScan stage requires:

fortifyScan:
    sscUrl: 'https://fortify.dummy.corp.domain/ssc'
    fortifyApiCredentialId: 'FortifyApiToken'
    fortifyBasicAuthId: 'FortifyBasicAuth'
    fortifyProjectName: 'mySampleProject'
    projectVersionId: '12345'

From the source code of the S/4 SDK pipeline lib I can derive that the secret hidden under the value of fortifyBasicAuthId is placed into the Authorization header with the prefix "Basic ".

What is expected there as the secret? Is it really the Base64-encoded bytes of the "user:password" pair belonging to a user that has access to my Fortify project?


Solution

  • You're right, the value is the base64-encoded string of user:password. The user has to be a Fortify user with permissions to the project.
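A way to build and sanity-check that secret before storing it under the fortifyBasicAuthId credential, as an added example that is not part of the original post or of the SDK pipeline. The function names are hypothetical and the credentials are constructed sample values; the "Basic " prefix handling follows what the question describes.

```python
import base64
import binascii


def make_basic_secret(user, password):
    """Return base64("user:password"), the value to store as the secret."""
    if ":" in user:
        raise ValueError("user name must not contain ':' (RFC 7617)")
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def check_basic_secret(secret):
    """Return a list of problems with a candidate secret; empty means well-formed."""
    problems = []
    if secret != secret.strip():
        problems.append("leading/trailing whitespace in the stored secret")
        secret = secret.strip()
    # The pipeline adds "Basic " itself, so a stored prefix would be doubled.
    if secret.lower().startswith("basic "):
        problems.append("secret already contains the 'Basic ' prefix")
        secret = secret[6:].strip()
    try:
        decoded = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["not valid base64"]
    try:
        text = decoded.decode("utf-8")
    except UnicodeDecodeError:
        return problems + ["decoded bytes are not UTF-8 text"]
    # Typical result of `echo user:password | base64` without -n.
    if text.endswith(("\n", "\r")):
        problems.append("newline was encoded into the credentials")
        text = text.rstrip("\r\n")
    user, sep, password = text.partition(":")
    if not sep:
        problems.append("decoded value has no ':' separator")
    elif not user or not password:
        problems.append("empty user name or password")
    return problems


def authorization_header(secret):
    """Header value as described in the question: the secret after 'Basic '."""
    return "Basic " + secret
```

The checker reports only the kind of problem and never echoes the decoded password, so its output is safe to show in a build log.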