feat: Initial release in separate repository

.gitattributes

@@ -0,0 +1,21 @@
+# by default use heuristics
+*		text=auto
+
+# standard text files
+*.java		text
+*.properties	text
+*.gradle	text
+*.cfg		text
+*.xml		text
+*.json		text
+
+# binary file
+*.png		-text
+*.jpg		-text
+*.pdf		-text
+
+# special text files
+# NB: we must undo effect of "* text=auto" here
+*.bat		!text eol=crlf
+*.sh		!text eol=lf
+gradlew		!text eof=lf

.github/workflows/build-dev-release.yml

@@ -0,0 +1,65 @@
+on: 
+  push: 
+    branches:
+      - '**'
+
+env:
+  DIST_DIR: ${{ github.workspace }}/build/dist
+
+name: Build development release
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check-out source code
+        uses: actions/checkout@v2
+
+      - name: Define development release info
+        if: startsWith(github.ref, 'refs/heads/')
+        run: |
+          branch="${GITHUB_REF#refs/heads/}"
+          tag="dev_${branch//[^a-zA-Z0-9_.-]/.}" # Replace all special characters by a dot
+          echo DO_BUILD=true >> $GITHUB_ENV # We always want to do a build if we're building a branch
+          echo BRANCH=${branch} >> $GITHUB_ENV
+          echo RELEASE_TAG=${tag} >> $GITHUB_ENV
+          
+          if git ls-remote --exit-code origin refs/tags/${tag} >/dev/null 2>&1; then
+            echo "Found tag ${tag}, development release will be published"
+            echo DO_RELEASE=true >> $GITHUB_ENV
+          else 
+            echo "Tag ${tag} does not exist, no development release will be published"
+          fi
+          
+      - name: Build development release
+        if: env.DO_BUILD
+        run: ./gradlew dist distThirdParty
+
+      - name: Publish build artifacts
+        if: env.DO_BUILD
+        uses: actions/upload-artifact@v2
+        with:
+          name: build_artifacts
+          path: ${{ env.DIST_DIR }}
+
+      - name: Update development release tag
+        uses: richardsimko/update-tag@v1
+        if: env.DO_RELEASE
+        with:
+          tag_name: ${{ env.RELEASE_TAG }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+
+      - name: Create pre-release
+        if: env.DO_RELEASE
+        run: |
+          files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
+          gh release delete ${{ env.RELEASE_TAG }} -y || true
+          gh release create ${{ env.RELEASE_TAG }} -p -t "Development Release - ${{ env.BRANCH }} branch" -n 'See `Assets` section below for latest build artifacts' ${files}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+
+
+
+
+
+

.github/workflows/build-prod-release.yml

@@ -0,0 +1,48 @@
+on:
+  push:
+    branches:
+      - main
+
+env:
+  DIST_DIR: ${{ github.workspace }}/build/dist
+
+name: Build production release
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check-out source code
+        uses: actions/checkout@v2
+
+      - name: Generate and process release PR
+        id: release_please
+        uses: GoogleCloudPlatform/release-please-action@v2
+        with:
+          release-type: simple
+          package-name: ${{ github.event.repository.name }}
+
+      - name: Define production release info
+        if: steps.release_please.outputs.release_created
+        run: |
+          tag=${{steps.release_please.outputs.tag_name}}
+          version=${{steps.release_please.outputs.version}}
+          major=${{steps.release_please.outputs.major}}
+          minor=${{steps.release_please.outputs.minor}}
+          patch=${{steps.release_please.outputs.patch}}
+          echo DO_RELEASE=true >> $GITHUB_ENV
+          echo RELEASE_TAG=${tag} >> $GITHUB_ENV
+          echo RELEASE_VERSION=${version} >> $GITHUB_ENV
+          
+      - name: Build production release
+        if: env.DO_RELEASE
+        run: ./gradlew dist distThirdParty -Pversion=${{env.RELEASE_VERSION}}
+
+      - name: Upload assets to release
+        if: env.DO_RELEASE
+        run: |
+          tag=${{ steps.release_please.outputs.tag_name }}
+          files=$(find "${{ env.DIST_DIR }}" -type f -printf "%p ")
+          gh release upload "${tag}" $files --clobber
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+

.github/workflows/update-repo-docs.yml

@@ -0,0 +1,25 @@
+name: doc-resource-updater
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 4 * * *'
+  push:
+    branches:
+      - main
+
+jobs:
+  update-repo-doc-resources:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        ref: ${{ github.head_ref }}
+
+    - name: Update documentation resources
+      run: bash doc-resources/update-repo-docs.sh
+
+    - uses: stefanzweifel/git-auto-commit-action@v4
+      with:
+        commit_message: 'docs: Auto-update documentation resources' 

.gitignore

@@ -0,0 +1,17 @@
+.gradle/
+.shelf/
+build/
+bin/
+out/
+dist/
+*.iml
+*.iws
+*.ipr
+.settings/
+.classpath
+.settings
+.project
+*~
+rebel.xml
+.idea/
+/fortifyRepository

CODE_OF_CONDUCT.md

@@ -0,0 +1,39 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+We as contributors and maintainers pledge to make participation in our project and community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity
+and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
+
+## Our Standards
+Examples of behavior that contributes to a positive environment for our community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes, and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others’ private information, such as a physical or email address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Enforcement Responsibilities
+Project maintainers are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful. Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+## Enforcement
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the project maintainers. All complaints will be reviewed and investigated promptly and fairly. The project maintainers are obligated to respect the privacy and security of the reporter of any incident.
+
+## Attribution
+This Code of Conduct is adapted from the Contributor Covenant, version 2.0, available at https://www.contributor-covenant.org/version/2/0/code_of_conduct.html. Community Impact Guidelines were inspired by Mozilla’s code of conduct enforcement ladder. For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
+
+---
+
+*This document was auto-generated from CODE_OF_CONDUCT.template.md; do not edit by hand*

CONTRIBUTING.md

@@ -0,0 +1,96 @@
+# Contributing to Fortify SSC Parser Plugin for Debricked results
+
+## Contribution Agreement
+
+Contributions like bug fixes and enhancements may be submitted through Pull Requests on this repository. Before we can accept 3<sup>rd</sup>-party pull requests, you will first need to sign and submit the [Micro Focus Contribution Agreement](https://github.com/fortify/repo-resources/raw/main/static/Open%20Source%20Contribution%20Agreement%20Jan2020v1.pdf). Please make sure to mention your GitHub username when submitting the form, to allow us to verify that the author of a pull request has accepted this agreement. 
+
+
+<!-- START-INCLUDE:repo-devinfo.md -->
+
+
+<!-- START-INCLUDE:devinfo/h2.standard-parser-devinfo.md -->
+
+## Information for Developers
+
+The following sections provide information that may be useful for developers of this parser plugin.
+
+
+<!-- START-INCLUDE:devinfo/h3.release-please.md -->
+
+### Conventional commits & versioning
+
+Versioning is handled automatically by [`release-please-action`](https://github.com/google-github-actions/release-please-action) based on [Conventional Commits](https://www.conventionalcommits.org/). Every commit to the `main`
+branch should follow the Conventional Commits convention. Following are some examples; these can be combined in a single commit message (separated by empty lines), or you can have commit messages describing just a single fix or feature.
+
+```
+chore: Won't show up in changelog
+
+ci: Change to GitHub Actions workflow; won't show up in changelog
+
+docs: Change to documentation; won't show up in changelog
+
+fix: Some fix (#2)
+
+feat: New feature (#3)
+
+feat!: Some feature that breaks backward compatibility
+
+feat: Some feature
+  BREAKING-CHANGE: No longer supports xyz
+```
+
+See the output of `git log` to view some sample commit messages.
+
+`release-please-action` invoked from the GitHub CI workflow generates pull requests containing updated `CHANGELOG.md` and `version.txt` files based on these commit messages. Merging the pull request will result in a new release version being published; this includes publishing the image to Docker Hub, and creating a GitHub release describing the changes.
+
+<!-- END-INCLUDE:devinfo/h3.release-please.md -->
+
+
+
+<!-- START-INCLUDE:devinfo/h3.lombok.md -->
+
+### Lombok
+
+This project uses Lombok. Gradle builds will automatically handle Lombok annotations, but to have your IDE compile this project without errors, you may need to add Lombok support to your IDE. Please see https://projectlombok.org/setup/overview for more information.
+
+<!-- END-INCLUDE:devinfo/h3.lombok.md -->
+
+
+
+<!-- START-INCLUDE:devinfo/h3.gradle-wrapper.md -->
+
+### Gradle Wrapper
+
+It is strongly recommended to build this project using the included Gradle Wrapper scripts; using other Gradle versions may result in build errors and other issues.
+
+<!-- END-INCLUDE:devinfo/h3.gradle-wrapper.md -->
+
+
+
+<!-- START-INCLUDE:devinfo/p.gradle-helpers.md -->
+
+The Gradle build uses various helper scripts from https://github.com/fortify-ps/shared-gradle-helpers; please refer to the documentation and comments in included scripts for more information. 
+
+<!-- END-INCLUDE:devinfo/p.gradle-helpers.md -->
+
+
+### Common Commands
+
+All commands listed below use Linux/bash notation; adjust accordingly if you are running on a different platform. All commands are to be executed from the main project directory.
+
+* `./gradlew tasks --all`: List all available tasks
+* Build: (plugin binary will be stored in `build/libs`)
+	* `./gradlew clean build`: Clean and build the project
+	* `./gradlew build`: Build the project without cleaning
+	* `./gradlew dist distThirdParty`: Build distribution zip and third-party information bundle
+* `./fortify-scan.sh`: Run a Fortify scan; requires Fortify SCA to be installed
+
+<!-- END-INCLUDE:devinfo/h2.standard-parser-devinfo.md -->
+
+
+<!-- END-INCLUDE:repo-devinfo.md -->
+
+
+---
+
+*This document was auto-generated from CONTRIBUTING.template.md; do not edit by hand*

LICENSE.txt

@@ -0,0 +1,25 @@
+MIT License
+
+Copyright 2023 Micro Focus or one of its affiliates
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---
+
+*This document was auto-generated from LICENSE.MIT.template.txt; do not edit by hand*