fix: Fix GitLab instructions (fixes #30)

USAGE.md

@@ -428,9 +428,13 @@ The following sections describe how to use the `fortifydocker/fortify-vulnerabil
 The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` 
 Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from FoD to GitLab.
 
+Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
+
 ```
 fortify_scanning:
-  image: fortifydocker/fortify-vulnerability-exporter
+  image: 
+    name: fortifydocker/fortify-vulnerability-exporter
+    entrypoint: [""]
   variables:
     export_config: /config/FoDToGitLab.yml
     fod_baseUrl: https://ams.fortify.com
@@ -440,7 +444,7 @@ fortify_scanning:
     fod_release_name: MyApp:MyRelease
     # Or use fod_release_id: 1234
   script: 
-  - echo Script entry is required but not used
+  - java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
   when: manual
   allow_failure: true
   artifacts:
@@ -458,17 +462,21 @@ As described in the [CI/CD Integration](#cicd-integration) section, you can opti
 
 The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from SSC to GitLab.
 
+Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
+
 ```
 fortify_scanning:
-  image: fortifydocker/fortify-vulnerability-exporter
+  image: 
+    name: fortifydocker/fortify-vulnerability-exporter
+    entrypoint: [""]
   variables:
     export_config: /config/SSCToGitLab.yml
     ssc_baseUrl: ${SSC_BASE_URL}
     ssc_authToken: ${SSC_CI_TOKEN_DECODED}
     ssc_version_name: MyApp:MyVersion
     # Or use ssc_version_id: 1234
   script: 
-  - echo Script entry is required but not used
+  - java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
   when: manual
   allow_failure: true
   artifacts:

doc-resources/repo-usage.md

@@ -425,9 +425,13 @@ The following sections describe how to use the `fortifydocker/fortify-vulnerabil
 The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` 
 Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from FoD to GitLab.
 
+Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
+
 ```
 fortify_scanning:
-  image: fortifydocker/fortify-vulnerability-exporter
+  image: 
+    name: fortifydocker/fortify-vulnerability-exporter
+    entrypoint: [""]
   variables:
     export_config: /config/FoDToGitLab.yml
     fod_baseUrl: https://ams.fortify.com
@@ -437,7 +441,7 @@ fortify_scanning:
     fod_release_name: MyApp:MyRelease
     # Or use fod_release_id: 1234
   script: 
-  - echo Script entry is required but not used
+  - java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
   when: manual
   allow_failure: true
   artifacts:
@@ -455,17 +459,21 @@ As described in the [CI/CD Integration](#cicd-integration) section, you can opti
 
 The following example illustrates how to utilize the `fortify/fortify-vulnerability-exporter` Docker image to integrate FortifyVulnerabilityExporter into a GitLab CI/CD pipeline for exporting vulnerability data from SSC to GitLab.
 
+Note that to avoid GitLab passing `sh` as an argument to FortifyVulnerabilityExporter (which will fail, as FortifyVulnerabilityExporter will interpret `sh` as the name of a configuration file), we need to override the image entrypoint and manually invoke the utility in the `script` section.
+
 ```
 fortify_scanning:
-  image: fortifydocker/fortify-vulnerability-exporter
+  image: 
+    name: fortifydocker/fortify-vulnerability-exporter
+    entrypoint: [""]
   variables:
     export_config: /config/SSCToGitLab.yml
     ssc_baseUrl: ${SSC_BASE_URL}
     ssc_authToken: ${SSC_CI_TOKEN_DECODED}
     ssc_version_name: MyApp:MyVersion
     # Or use ssc_version_id: 1234
   script: 
-  - echo Script entry is required but not used
+  - java -DpopulateContainerDirs=true -cp "/app/classpath/*:app/libs/*" com.fortify.vulnexport.FortifyVulnerabilityExporter
   when: manual
   allow_failure: true
   artifacts: