feat: Initial release

Author: rsenden

.github/workflows/build-dev-release.yml

@@ -0,0 +1,65 @@
+on: 
+  push: 
+    branches:
+      - '**'
+
+env:
+  DIST_DIR: ${{ github.workspace }}/build/dist
+
+name: Build development release
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check-out source code
+        uses: actions/checkout@v2
+      
+      - name: Define development release info
+        if: startsWith(github.ref, 'refs/heads/')
+        run: |
+          branch="${GITHUB_REF#refs/heads/}"
+          tag="dev_${branch//[^a-zA-Z0-9_.-]/.}" # Replace all special characters by a dot
+          echo DO_BUILD=true >> $GITHUB_ENV # We always want to do a build if we're building a branch
+          echo BRANCH=${branch} >> $GITHUB_ENV
+          echo RELEASE_TAG=${tag} >> $GITHUB_ENV
+          
+          if git ls-remote --exit-code origin refs/tags/${tag} >/dev/null 2>&1; then
+            echo "Found tag ${tag}, development release will be published"
+            echo DO_RELEASE=true >> $GITHUB_ENV
+          else 
+            echo "Tag ${tag} does not exist, no development release will be published"
+          fi
+          
+      - name: Build development release
+        if: env.DO_BUILD
+        run: ./gradlew dist distThirdParty
+        
+      - name: Publish build artifacts
+        if: env.DO_BUILD
+        uses: actions/upload-artifact@v2
+        with:
+          name: build_artifacts
+          path: ${{ env.DIST_DIR }}
+          
+      - name: Update development release tag
+        uses: richardsimko/update-tag@v1
+        if: env.DO_RELEASE
+        with:
+          tag_name: ${{ env.RELEASE_TAG }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+        
+      - name: Create pre-release
+        if: env.DO_RELEASE
+        run: |
+          files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
+          gh release delete ${{ env.RELEASE_TAG }} -y || true
+          gh release create ${{ env.RELEASE_TAG }} -p -t "Development Release - ${{ env.BRANCH }} branch" -n 'See `Assets` section below for latest build artifacts' ${files}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+          
+      
+          
+      
+
+      

.github/workflows/build-prod-release.yml

@@ -0,0 +1,48 @@
+on:
+  push:
+    branches:
+      - main
+      
+env:
+  DIST_DIR: ${{ github.workspace }}/build/dist
+      
+name: Build production release
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check-out source code
+        uses: actions/checkout@v2
+      
+      - name: Generate and process release PR
+        id: release_please
+        uses: GoogleCloudPlatform/release-please-action@v2
+        with:
+          release-type: simple
+          package-name: ${{ github.event.repository.name }}
+          
+      - name: Define production release info
+        if: steps.release_please.outputs.release_created
+        run: |
+          tag=${{steps.release_please.outputs.tag_name}}
+          version=${{steps.release_please.outputs.version}}
+          major=${{steps.release_please.outputs.major}}
+          minor=${{steps.release_please.outputs.minor}}
+          patch=${{steps.release_please.outputs.patch}}
+          echo DO_RELEASE=true >> $GITHUB_ENV
+          echo RELEASE_TAG=${tag} >> $GITHUB_ENV
+          echo RELEASE_VERSION=${version} >> $GITHUB_ENV
+          
+      - name: Build production release
+        if: env.DO_RELEASE
+        run: ./gradlew dist distThirdParty -Pversion=${{env.RELEASE_VERSION}}
+      
+      - name: Upload assets to release
+        if: env.DO_RELEASE
+        run: |
+          tag=${{ steps.release_please.outputs.tag_name }}
+          files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
+          gh release upload "${tag}" $files --clobber
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          

.gitignore

@@ -0,0 +1,18 @@
+.gradle/
+.shelf/
+build/
+out/
+dist/
+*.iml
+*.iws
+*.ipr
+*~
+rebel.xml
+.idea/
+/fortifyRepository
+.settings/
+bin/
+lombok.config
+.classpath
+.project
+*.fpr

LICENSE.TXT

@@ -0,0 +1,23 @@
+The MIT License (MIT)
+(c) Copyright 2020 Micro Focus or one of its affiliates, a Micro Focus company
+
+Permission is hereby granted, free of charge, to any person obtaining a 
+copy of this software and associated documentation files (the 
+"Software"), to deal in the Software without restriction, including without 
+limitation the rights to use, copy, modify, merge, publish, distribute, 
+sublicense, and/or sell copies of the Software, and to permit persons to 
+whom the Software is furnished to do so, subject to the following 
+conditions:
+
+The above copyright notice and this permission notice shall be included 
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY 
+KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE 
+WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 
+PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 
+DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 
+CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 
+IN THE SOFTWARE.

README.md

@@ -0,0 +1,145 @@
+<x-tag-head>
+<x-tag-meta http-equiv="X-UA-Compatible" content="IE=edge"/>
+
+<x-tag-script language="JavaScript"><!--
+<X-INCLUDE url="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.0.0/build/highlight.min.js"/>
+--></x-tag-script>
+
+<x-tag-script language="JavaScript"><!--
+<X-INCLUDE url="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js" />
+--></x-tag-script>
+
+<x-tag-script language="JavaScript"><!--
+<X-INCLUDE url="${gradleHelpersLocation}/spa_readme.js" />
+--></x-tag-script>
+
+<x-tag-style><!--
+<X-INCLUDE url="https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.0.0/build/styles/github.min.css" />
+--></x-tag-style>
+
+<x-tag-style><!--
+<X-INCLUDE url="${gradleHelpersLocation}/spa_readme.css" />
+--></x-tag-style>
+</x-tag-head>
+
+# Fortify SSC Parser Plugin for Local PHP Security Checker
+
+## Introduction
+
+This Fortify SSC parser plugin allows for importing scan results from [Local PHP Security Checker](https://github.com/fabpot/local-php-security-checker).
+
+### Related Links
+
+* **Downloads**: https://github.com/fortify-ps/fortify-ssc-parser-php-security-checker/releases
+    * _Development releases may be unstable or non-functional. The `*-thirdparty.zip` file is for informational purposes only and does not need to be downloaded._
+* **Sample input files**: [sampleData](sampleData)
+* **GitHub**: https://github.com/fortify-ps/fortify-ssc-parser-php-security-checker
+* **Automated builds**: https://github.com/fortify-ps/fortify-ssc-parser-php-security-checker/actions
+* **Local PHP Security Checker repository**: https://github.com/fabpot/local-php-security-checker
+
+
+## Plugin Installation
+
+These sections describe how to install, upgrade and uninstall the plugin.
+
+### Install & Upgrade
+
+* Obtain the plugin binary jar file
+	* Either download from Bintray (see [Related Links](#related-links)) 
+	* Or by building yourself (see [Developers](#developers))
+* If you already have another version of the plugin installed, first uninstall the previously 
+ installed version of the plugin by following the steps under [Uninstall](#uninstall) below
+* In Fortify Software Security Center:
+	* Navigate to Administration->Plugins->Parsers
+	* Click the `NEW` button
+	* Accept the warning
+	* Upload the plugin jar file
+	* Enable the plugin by clicking the `ENABLE` button
+  
+### Uninstall
+
+* In Fortify Software Security Center:
+	* Navigate to Administration->Plugins->Parsers
+	* Select the parser plugin that you want to uninstall
+	* Click the `DISABLE` button
+	* Click the `REMOVE` button 
+
+
+## Obtain results
+
+Please see the Local PHP Security Checker documentation for details on checking applications and 
+generating reports. Note that the SSC parser plugin requires the uploaded reports to be in JSON
+format.
+
+## Upload results
+
+SSC web interface (manual upload):
+
+* Navigate to the Artifacts tab of your application version
+* Click the `UPLOAD` button
+* Click the `ADD FILES` button, and select the JSON file to upload
+* Enable the `3rd party results` check box
+* Select the `PHP_SECCHECK` type
+  
+SSC clients (FortifyClient, Maven plugin, ...):
+
+* Generate a scan.info file containing a single line as follows:  
+`engineType=PHP_SECCHECK`
+* Generate a zip file containing the following:
+	* The scan.info file generated in the previous step
+	* The JSON file containing scan results
+* Upload the zip file generated in the previous step to SSC
+	* Using any SSC client, for example FortifyClient
+	* Similar to how you would upload an FPR file
+
+
+
+## Developers
+
+The following sections provide information that may be useful for developers of this utility.
+
+### IDE's
+
+This project uses Lombok. In order to have your IDE compile this project without errors, 
+you may need to add Lombok support to your IDE. Please see https://projectlombok.org/setup/overview 
+for more information.
+
+### Gradle Wrapper
+
+It is strongly recommended to build this project using the included Gradle Wrapper
+scripts; using other Gradle versions may result in build errors and other issues.
+
+The Gradle build uses various helper scripts from https://github.com/fortify-ps/gradle-helpers;
+please refer to the documentation and comments in included scripts for more information. 
+
+### Common Commands
+
+All commands listed below use Linux/bash notation; adjust accordingly if you
+are running on a different platform. All commands are to be executed from
+the main project directory.
+
+* `./gradlew tasks --all`: List all available tasks
+* Build: (plugin binary will be stored in `build/libs`)
+	* `./gradlew clean build`: Clean and build the project
+	* `./gradlew build`: Build the project without cleaning
+	* `./gradlew dist distThirdParty`: Build distribution zip and third-party information bundle
+* `./fortify-scan.sh`: Run a Fortify scan; requires Fortify SCA to be installed
+
+### Automated Builds
+
+This project uses GitHub Actions workflows to perform automated builds for both development and production releases. All pushes to the main branch qualify for building a production release. Commits on the main branch should use [Conventional Commit Messages](https://www.conventionalcommits.org/en/v1.0.0/); it is recommended to also use conventional commit messages on any other branches.
+
+User-facing commits (features or fixes) on the main branch will trigger the [release-please-action](https://github.com/google-github-actions/release-please-action) to automatically create a pull request for publishing a release version. This pull request contains an automatically generated CHANGELOG.md together with a version.txt based on the conventional commit messages on the main branch. Merging such a pull request will automatically publish the production binaries and Docker images to the locations described in the [Related Links](#related-links) section.
+
+Every push to a branch in the GitHub repository will also automatically trigger a development release to be built. By default, development releases are only published as build job artifacts. However, if a tag named `dev_<branch-name>` exists, then development releases are also published to the locations described in the [Related Links](#related-links) section. The `dev_<branch-name>` tag will be automatically updated to the commit that triggered the build.
+
+
+## License
+<x-insert text="<!--"/>
+
+See [LICENSE.TXT](LICENSE.TXT)
+
+<x-insert text="-->"/>
+
+<x-include url="file:LICENSE.TXT"/>
+

build.gradle

@@ -0,0 +1,58 @@
+plugins {
+  id "io.freefair.lombok" version "5.3.0"
+  id 'com.github.jk1.dependency-license-report' version '1.16'
+  id "org.kordamp.gradle.markdown" version "2.2.0"
+}
+
+group 'com.fortify.ssc.parser.symphony-security-checker'
+ext.getVersion = {
+	def result = project.findProperty('version');
+	return !result || result=='unspecified' ? new Date().format('0.yyyyMMdd.HHmmss') : result;
+}
+version = ext.getVersion();
+ext.sscParserPluginVersion = project.version
+
+ext {
+	gradleHelpersLocation = "https://raw.githubusercontent.com/fortify-ps/gradle-helpers/1.5"
+}
+
+apply from: "${gradleHelpersLocation}/repo-helper.gradle"
+apply from: "${gradleHelpersLocation}/junit-helper.gradle"
+apply from: "${gradleHelpersLocation}/fortify-helper.gradle"
+apply from: "${gradleHelpersLocation}/ssc-parser-plugin-helper.gradle"
+apply from: "${gradleHelpersLocation}/thirdparty-helper.gradle"
+apply from: "${gradleHelpersLocation}/readme2html.gradle"
+
+apply plugin: 'java'
+sourceCompatibility = 1.8
+
+sourceSets {
+    test {
+        resources {
+            srcDir "sampleData"
+        }
+    }
+}
+
+configurations.all {
+    // Don't cache modules that may change (i.e. snapshots)
+	resolutionStrategy.cacheChangingModulesFor 0, 'seconds'
+}
+
+dependencies {
+    implementationExport(group: 'com.fortify.ssc.parser.util', name: 'fortify-ssc-parser-util-json', version:'1.4', changing: false) { transitive = true }
+}
+
+task dist(type: Zip) {
+	dependsOn 'build', 'readme2html'
+	archiveFileName = "${rootProject.name}-${project.version}.zip"
+	destinationDirectory = file("$buildDir/dist")
+	from("${buildDir}/${libsDirName}") {
+		include "${rootProject.name}-${project.version}.jar"
+	}
+	from "${buildDir}/html"
+	from("${projectDir}") {
+		include "sampleData/**/*"
+		include "LICENSE.TXT"
+	}
+}

fortify-scan.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Set scan options
+# Modular scan doesn't work properly yet, so for now we just add the fortify-ssc-parser-util build model
+# Note that either approach requires fortify-ssc-parser-util to be translated/scanned on the same machine
+# before running this script.
+#scanOpts="-include-modules fortify-ssc-parser-util -scan"
+scanOpts="-b fortify-ssc-parser-util -scan" 
+
+# Load and execute actual scan script from GitHub
+curl -s https://raw.githubusercontent.com/fortify-ps/gradle-helpers/1.0/fortify-scan.sh | bash -s - ${scanOpts}

gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists