Veracode Upload And Scan Action

This action runs the Veracode Java Wrapper's 'upload and scan' action.

Inputs

appname

Required: STRING - The application name.

Default: '${{ github.repository }}'

createprofile

Required: BOOLEAN - True to create a new application profile.

Default: true

filepath

Required: STRING - Path to the file or directory to upload. (If the last character is a backslash, it needs to be escaped: \\.)

version

Required: STRING - The name or version number of the new build.

Default: 'Scan from Github job: ${{ github.run_id }}'

vid

Required: Veracode API ID.

vkey

Required: Veracode API key.

Optional Inputs

createsandbox

Optional BOOLEAN - Set 'true' if the sandbox should be created on the Veracode platform.

sandboxname

Optional STRING - The name of the sandbox inside the application profile.

scantimeout

Optional INTEGER - Number of minutes the action waits for the scan to complete. Use this to introduce break-build functionality.

exclude

Optional STRING - Exclude modules from module selection / scanning. Case-sensitive, comma-separated list of module name patterns that represent the names of modules not to scan as top-level modules. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character.

include

Optional STRING - Include modules in module selection / scanning. Case-sensitive, comma-separated list of module name patterns that represent the names of modules to scan as top-level modules. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character.

criticality

Optional STRING - Set the business criticality, automatically choosing the corresponding policy to rate findings. Options: VeryHigh, High, Medium, Low, VeryLow

pattern

Optional STRING - Case-sensitive filename pattern that represents the names of uploaded files to save with a different name. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. Each wildcard corresponds to a numbered group that you can reference in the replacement pattern.

replacement

Optional STRING - Replacement pattern that references groups captured by the filename pattern. For example, if the filename pattern is *-*-SNAPSHOT.war and the replacement pattern is $1-master-SNAPSHOT.war, an uploaded file named app-branch-SNAPSHOT.war is saved as app-master-SNAPSHOT.war.
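The wildcard rules shared by the include/exclude and pattern/replacement inputs, as an added Python illustration; this is not Veracode's own code, and it assumes the Java-style $1, $2 group references that the README example implies:

```python
import re

# Added illustration (not Veracode's code) of the wildcard rules documented for
# the include/exclude and pattern/replacement inputs: '*' matches zero or more
# characters, '?' exactly one, and each wildcard becomes a numbered group.

def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Compile a case-sensitive wildcard pattern into an anchored regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append("(.*)")       # numbered group, zero or more characters
        elif ch == "?":
            parts.append("(.)")        # numbered group, exactly one character
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$")

def rename_upload(filename: str, pattern: str, replacement: str) -> str:
    """Apply pattern/replacement to one uploaded filename.

    The replacement references captured wildcards as $1, $2, ... (assumed
    Java-style syntax). A filename that does not match is returned unchanged.
    """
    match = wildcard_to_regex(pattern).match(filename)
    if match is None:
        return filename
    return re.sub(r"\$(\d+)", lambda m: match.group(int(m.group(1))), replacement)

def select_modules(modules, include=None, exclude=None):
    """Filter module names the way the include/exclude inputs describe.

    Both are comma-separated wildcard lists. A module is kept when it matches
    at least one include pattern (or no include is given) and no exclude pattern.
    """
    def compile_list(value):
        return [wildcard_to_regex(p.strip()) for p in (value or "").split(",") if p.strip()]

    inc, exc = compile_list(include), compile_list(exclude)
    return [m for m in modules
            if (not inc or any(r.match(m) for r in inc))
            and not any(r.match(m) for r in exc)]

if __name__ == "__main__":
    # Worked example from the README: app-branch-SNAPSHOT.war -> app-master-SNAPSHOT.war
    print(rename_upload("app-branch-SNAPSHOT.war", "*-*-SNAPSHOT.war", "$1-master-SNAPSHOT.war"))
    print(select_modules(["app.war", "vendor.js", "core.jar"], include="*.war,*.jar", exclude="vendor.*"))
```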

sandboxid

Optional INTEGER - ID of the sandbox in which to run the scan.

scanallnonfataltoplevelmodules

Optional BOOLEAN - If this parameter is not set, the default is false. When set to true, if the application has more than one module, and at least one of the top-level modules does not have any fatal prescan errors, it starts the scan for those modules after prescan is complete.

selected

Optional BOOLEAN - Set this parameter to true to scan the modules currently selected in the Veracode Platform.

selectedpreviously

Optional BOOLEAN - Set to true to scan only the modules selected in the previous scan.

teams

Optional STRING - Required if you are creating a new application in the Veracode Platform. Comma-separated list of team names associated with the specified application.

toplevel

Optional BOOLEAN - When set to true, Veracode only scans the top-level modules in your files. Veracode recommends that you use the toplevel parameter if you want to ensure the scan completes even though there are non-fatal errors, such as unsupported frameworks.

deleteIncompleteScan

Optional BOOLEAN - Set to true to automatically delete the current scan if there are any errors when uploading files or starting the scan. If the include or exclude parameters are set, this parameter deletes the scan if there are errors when starting the scan after module selection. Defaults to false.

With the scan deleted automatically, you can create subsequent scans without having to manually delete an incomplete scan.

Example usage

The following example will upload all files contained within the folder_to_upload to Veracode and start a static scan.

The Veracode credentials are read from GitHub secrets. NEVER STORE YOUR SECRETS IN THE REPOSITORY.

name: Veracode Static Analysis Demo
on: workflow_dispatch
    
jobs:
  static_analysis:
    name: Static Analysis
    runs-on: ubuntu-latest
    
    steps:
      - name: Check out main branch
        uses: actions/checkout@v2
          
      - name: Veracode Upload And Scan
        uses: veracode/[email protected]
        with:
          appname: 'VeraDemo'
          createprofile: false
          filepath: 'app/target/verademo.war'
          vid: '${{ secrets.API_ID }}'
          vkey: '${{ secrets.API_KEY }}'
#          createsandbox: 'true'
#          sandboxname: 'SANDBOXNAME'
#          scantimeout: 0
#          exclude: '*.js'
#          include: '*.war'
#          criticality: 'VeryHigh'
