From 3e6f05e6a6b22d6fd7a5fe4a73bd6a0312637a8d Mon Sep 17 00:00:00 2001
From: acleary-0 <142839800+acleary-0@users.noreply.github.com>
Date: Fri, 6 Jun 2025 09:45:40 -0400
Subject: [PATCH 1/3] chore(project): enable fortify on demand
---
.github/workflows/fortify.yml | 42 +++++++++++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 .github/workflows/fortify.yml
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
new file mode 100644
index 0000000..858e5cd
--- /dev/null
+++ b/.github/workflows/fortify.yml
@@ -0,0 +1,42 @@
+name: "FOD-SAST"
+# Please change the events according to your needs: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
+on:
+ pull_request:
+ workflow_dispatch:
+ push:
+ branches:
+ - 'main'
+
+jobs:
+ SourceCode:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ pull-requests: write
+
+ steps:
+ - name: Check Out Source Code
+ uses: actions/checkout@v4
+
+ - name: Setup Java
+ uses: actions/setup-java@v4
+ with:
+ java-version: 11
+ distribution: 'temurin'
+
+ - name: Run FoD SAST Scan
+ uses: fortify/github-action@v1.6.3
+ with:
+ sast-scan: true
+ env:
+ FOD_TENANT: 'factset'
+ FOD_CLIENT_ID: ${{ secrets.FOD_API_KEY }}
+ FOD_CLIENT_SECRET: ${{ secrets.FOD_SECRET }}
+ FOD_RELEASE: ${{ secrets.FOD_RELEASE_ID }}
+ FOD_URL: "https://ams.fortify.com/"
+ FOD_API_URL: "https://api.ams.fortify.com/"
+ FOD_SAST_SCAN_EXTRA_OPTS: --notes='Triggered by GitHub Actions (${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})'
+ PACKAGE_EXTRA_OPTS: "-bt none --exclude .git/* --exclude .github/* --exclude node_modules"
+ SC_CLIENT_VERSION: 25.2.0
From 58ede7c43f10dc5bfcd3773abcb54f81c3df16e8 Mon Sep 17 00:00:00 2001
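Review bot: The three `uses:` references in the `SourceCode` steps (`actions/checkout@v4`, `actions/setup-java@v4`, `fortify/github-action@v1.6.3`) are mutable tags, so whoever controls those tags can change the code that receives `FOD_CLIENT_ID` and `FOD_CLIENT_SECRET` without any change to this repository; pin each to a full commit SHA and keep the tag as a comment, e.g. `uses: fortify/github-action@<full-commit-sha>  # v1.6.3`. The `pull_request` trigger combined with `secrets.*` in the scan step's `env:` is also worth a second look: as I understand GitHub's model, pull requests from forks do not receive repository secrets, so those runs would reach the scan with empty credentials and fail rather than scan. A one-line comment above `on:` stating which events are expected to have working credentials would save the next maintainer the investigation. The indentation in this rendering is collapsed, so the nesting of `permissions:` and `env:` should be checked against the committed file rather than this view.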
From: acleary-0 <142839800+acleary-0@users.noreply.github.com>
Date: Fri, 6 Jun 2025 09:47:30 -0400
Subject: [PATCH 2/3] chore(project): change event default
---
.github/workflows/fortify.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 858e5cd..2f8db32 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -1,7 +1,6 @@
 name: "FOD-SAST"
 # Please change the events according to your needs: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows
 on:
- pull_request:
 workflow_dispatch:
 push:
 branches:
From 93b6be853e2a4f8cfafd7c82eaaf278acc3218c8 Mon Sep 17 00:00:00 2001
From: acleary-0 <142839800+acleary-0@users.noreply.github.com>
Date: Fri, 6 Jun 2025 09:51:13 -0400
Subject: [PATCH 3/3] chore(project): modified tenant value
---
.github/workflows/fortify.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/fortify.yml b/.github/workflows/fortify.yml
index 2f8db32..3e47ece 100644
--- a/.github/workflows/fortify.yml
+++ b/.github/workflows/fortify.yml
@@ -30,7 +30,7 @@ jobs:
 with:
 sast-scan: true
 env:
- FOD_TENANT: 'factset'
+ FOD_TENANT: ${{ secrets.FOD_TENANT }}
 FOD_CLIENT_ID: ${{ secrets.FOD_API_KEY }}
 FOD_CLIENT_SECRET: ${{ secrets.FOD_SECRET }}
 FOD_RELEASE: ${{ secrets.FOD_RELEASE_ID }}
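Review bot: Replacing the literal tenant with `${{ secrets.FOD_TENANT }}` puts an account identifier, not a credential, into the secrets store, so it is redacted from every log line and a missing or misnamed secret expands to an empty string that presumably only surfaces later as an authentication failure in the scan step. A repository or organization variable keeps the value out of the workflow file without hiding it from diagnostics: `FOD_TENANT: ${{ vars.FOD_TENANT }}`, while `FOD_CLIENT_ID` and `FOD_CLIENT_SECRET` on the following context lines rightly stay in secrets. The enclosing `env:` block and the `SourceCode` job start outside this hunk. With the `pull_request` trigger removed in patch 2, the job's `pull-requests: write` grant (also outside this hunk) is no longer exercised by any trigger visible in the series and could be dropped to keep the job token at least privilege.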