feat: Adding an fcli action to enable local scanning using the source analyzer

fcli-core/fcli-ssc/src/main/resources/com/fortify/cli/ssc/actions/zip/sourceanalyzer-local-scan.yaml

@@ -0,0 +1,75 @@
+# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
+
+author: Fortify
+usage:
+  header: (PREVIEW) Run local SourceAnalyzer scan and upload to SSC
+  description: |
+    This action performs a local Fortify SourceAnalyzer scan against the given source directory,
+    writes an FPR file, and uploads the resulting artifact to SSC if an application version is specified.
+
+config:
+  output: immediate
+  rest.target.default: ssc
+  run.fcli.status.log.default: true
+  run.fcli.status.check.default: true
+
+cli.options:
+  sourceDir:
+    names: --source-dir, -d
+    description: Source directory to scan
+    required: false
+    default: .
+  buildId:
+    names: --build-id, -b
+    description: SourceAnalyzer build id
+    required: false
+    default: fcli-local-scan
+  fprFile:
+    names: --output-fpr-file, -o
+    description: Output FPR file path
+    required: false
+    default: sourceanalyzer.fpr
+  sourceAnalyzerVersion:
+    names: --sourceanalyzer-version, -v
+    description: |
+      SourceAnalyzer version, installation path, latest, or auto.
+      Defaults to SOURCEANALYZER_HOME or SOURCEANALYZER_VERSION env vars, then auto.
+    required: false
+    default: ${#ifBlank(#env('SOURCEANALYZER_HOME'),#ifBlank(#env('SOURCEANALYZER_VERSION'),'auto'))}
+  extraTranslateOpts:
+    names: --extra-translate-opts
+    description: Extra options to pass to the SourceAnalyzer translate phase
+    required: false
+  extraScanOpts:
+    names: --extra-scan-opts
+    description: Extra options to pass to the SourceAnalyzer scan phase
+    required: false
+  appversion:
+    names: --appversion, --av
+    description: SSC application version id or <appName>:<versionName>; if specified, upload scan results to SSC
+    required: false
+  skipWait:
+    names: --skip-wait
+    description: Skip waiting for SSC artifact processing after upload
+    required: false
+    type: boolean
+    default: false
+
+steps:
+  - var.set:
+      resolvedFprFile: ${#resolveAgainstCurrentWorkDir(cli.fprFile)}
+      artifactStoreVar: sa_local_scan_${#action.runID().replace('-','_')}
+      waitForCmd: 'fcli ssc artifact wait-for ::${artifactStoreVar}::'
+
+  - run.fcli:
+      SETUP_TOOLS: fcli tool env init "--tools=sourceanalyzer:${cli.sourceAnalyzerVersion}"
+      TRANSLATE: fcli tool sourceanalyzer run -- -b "${cli.buildId}" ${cli.sourceDir} ${cli.extraTranslateOpts}
+      SCAN: fcli tool sourceanalyzer run -- -b "${cli.buildId}" -scan -f "${resolvedFprFile}" ${cli.extraScanOpts}
+
+  - if: ${#isNotBlank(cli.appversion)}
+    run.fcli:
+      UPLOAD: fcli ssc artifact upload --av "${cli.appversion}" -f "${resolvedFprFile}" --store ${artifactStoreVar}
+
+  - if: ${#isNotBlank(cli.appversion) && !cli.skipWait}
+    run.fcli:
+      WAIT: ${waitForCmd}