Getting Timeout on running FOD command

[ronaldfrancisabas]

Question

We would like to check why the following command takes time to complete in which resulting to timeout
FortifyVulnerabilityExporter FoDToGitLabSAST --fod.baseUrl=$FOD_URL --fod.tenant="$FOD_TENANT" --fod.userName="$FOD_USERNAME" --fod.password="$FOD_PAT" --fod.release.id=$FOD_RELEASE

[rsenden]

Hi, can you provide some more details? Does the command itself generate a timeout error, is it your pipeline that's timing out because the command is taking too long, ...? How many vulnerabilities do you have in your FoD release, and how long does it take until timeout? Any logs/snippets you can share?

The command needs to load all vulnerability data from FoD, which may take quite some time, especially if you have a large number of vulnerabilities, and FoD rate limiting may further reduce performance.

Although it probably won't make much difference regarding performance, have you checked out the same functionality that's now available in fcli? fcli fod action run gitlab-sast-report
As mentioned in the deprecation notice, we plan on deprecating FortifyVulnerabilityExporter and ask customers to move to fcli.