kadraman
diff --git a/‎.github/workflows/main_insecureapi.yml‎ ‎.github/workflows/azurewebapp.yml‎.github/workflows/main_insecureapi.yml renamed to .github/workflows/azurewebapp.yml
Lines changed: 4 additions & 11 deletions b/‎.github/workflows/main_insecureapi.yml‎ ‎.github/workflows/azurewebapp.yml‎.github/workflows/main_insecureapi.yml renamed to .github/workflows/azurewebapp.yml
Lines changed: 4 additions & 11 deletions
diff --git a/‎.github/workflows/fod.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/fod.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎config/default.json‎
Lines changed: 4 additions & 4 deletions b/‎config/default.json‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎config/production.json‎
Lines changed: 2 additions & 2 deletions b/‎config/production.json‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎config/test.json‎
Lines changed: 1 addition & 1 deletion b/‎config/test.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎migrations/001-schema.sql‎
Lines changed: 0 additions & 58 deletions b/‎migrations/001-schema.sql‎
Lines changed: 0 additions & 58 deletions
diff --git a/‎migrations/002-data.sql‎
Lines changed: 0 additions & 89 deletions b/‎migrations/002-data.sql‎
Lines changed: 0 additions & 89 deletions
@@ -1,7 +1,7 @@
 # Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
 # More GitHub Actions for Azure: https://github.com/Azure/actions
 
-name: Build and deploy Node.js app to Azure Web App - insecureapi
+name: Build and deploy Node.js app to Azure Web App
 
 on:
   push:
@@ -14,24 +14,18 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read #This is required for actions/checkout
-
     steps:
       - uses: actions/checkout@v4
-
       - name: Set up Node.js version
         uses: actions/setup-node@v3
         with:
           node-version: '20.x'
-
       - name: npm install, build, and test
         run: |
           npm install
           npm run build --if-present
-          npm run test --if-present
-
       - name: Zip artifact for deployment
         run: zip release.zip ./* -r
-
       - name: Upload artifact for deployment job
         uses: actions/upload-artifact@v4
         with:
@@ -41,17 +35,16 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     needs: build
-    
-    
+    permissions:
+      contents: read #This is required for actions/checkout
+      id-token: write # Required for Azure authentication
     steps:
       - name: Download artifact from build job
         uses: actions/download-artifact@v4
         with:
           name: node-app
-
       - name: Unzip artifact for deployment
         run: unzip release.zip
-      
       - name: 'Deploy to Azure Web App'
         id: deploy-to-webapp
         uses: azure/webapps-deploy@v3
 
@@ -131,8 +131,8 @@ jobs:
       - name: Run Fortify on Demand SAST and SCA Scan
         uses: fortify/github-action@v2
         with:
-          sast-scan: ${{ github.event.inputs.runFoDSASTScan }}
-          debricked-sca-scan: ${{ github.event.inputs.runFoDOSSScan }}
+          sast-scan: true
+          debricked-sca-scan: false
         env:
           FOD_URL: ${{ vars.FOD_URL }}
           #FOD_TENANT: ${{secrets.FOD_TENANT}}
@@ -189,7 +189,7 @@ jobs:
           fcli fod session login --url $FOD_API_URI --client-id $FOD_CLIENT_ID --client-secret $FOD_CLIENT_SECRET --fod-session github-actions
           rm -f $PACKAGE_FILE
           debricked resolve
-          zip $PACKAGE_FILE requirements.txt.pip.debricked.lock debricked-config.yaml     
+          zip $PACKAGE_FILE package-lock.json debricked-config.yaml     
           fcli fod oss-scan start --release "${FOD_RELEASE}" -f $PACKAGE_FILE --store curScan --fod-session github-actions
           sleep 10
           echo "fod_scan_id=$(fcli util var contents curScan -o 'expr={scanId}')" >> $GITHUB_OUTPUT
 
@@ -1,9 +1,9 @@
 {
   "App": {
-    "name": "IWA-API",
+    "name": "InsecureRestAPI",
     "version": "1.0",
-    "description": "IWA-API - An insecure Node/Express REST API for use in Fortify demonstrations.",
-    "port":  3000,
+    "description": "InsecureRestAPI - An insecure NodeJS/Express/MongoDB REST API.",
+    "port":  5000,
     "dbConfig": {
       "host": "127.0.0.1",
       "port": 27017,
@@ -16,7 +16,7 @@
       "audience": "https://iwa-api.onfortify.com"
     },
     "apiConfig": {
-      "url": "http://localhost:3000",
+      "url": "http://localhost:5000",
       "version": "v1",
       "description": "Development server"
     },
 
@@ -1,14 +1,14 @@
 {
   "App": {
     "dbConfig": {
-      "host": "mongodb",
+      "host": "127.0.0.1",
       "port": 27017,
       "user": "iwa",
       "password": "iwa",
       "database": "iwa"
     },
     "apiConfig": {
-      "url": "https://iwa-api.onfortify.com",
+      "url": "https://insecureapi.azurewebsites.net",
       "version": "v1",
       "description": "Production server"
     },
 
@@ -8,7 +8,7 @@
       "database": "iwa-test"
     },
     "apiConfig": {
-      "url": "https://localhost:3000",
+      "url": "https://localhost:5000",
       "version": "v1",
       "description": "Test Server"
     },