From f8541101e66f733de74f9fe4d1eac268c033aef0 Mon Sep 17 00:00:00 2001
From: Jake Radcliffe
Date: Wed, 19 Jun 2024 10:51:53 -0500
Subject: [PATCH 1/5] REPO-723 add logic to seperate scans names
---
 .github/workflows/veracode-code-analysis.yml | 12 ++++++------
 .gitignore | 1 +
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
index 17311faf..5c7819de 100644
--- a/.github/workflows/veracode-code-analysis.yml
+++ b/.github/workflows/veracode-code-analysis.yml
@@ -8,7 +8,7 @@ concurrency:
 on:
 repository_dispatch:
- types:
+ types:
 - java-maven-pipeline-scan
 - java-maven-policy-scan
 - java-gradle-pipeline-scan
@@ -38,7 +38,7 @@ jobs:
 register:
 uses: ./.github/workflows/veracode-check-run.yml
 with:
- check_run_name: ${{ github.workflow }}
+ check_run_name: ${{ github.workflow }}${{ contains( github.event.action, 'policy') && ' - Policy Scan' || ' - Pipeline Scan' }}
 head_sha: ${{ github.event.client_payload.sha }}
 repositroy_owner: ${{ github.event.client_payload.repository.owner }}
 repositroy_name: ${{ github.event.client_payload.repository.name }}
@@ -63,7 +63,7 @@ jobs:
 appname: ${{ github.event.client_payload.user_config.profile_name }}
 source_repository: ${{ github.event.client_payload.repository.full_name }}
 check_run_id: ${{ needs.register.outputs.run_id }}
-
+
 - name: Verify Policy name
 id: verify_policy_name
 if: success()
@@ -81,7 +81,7 @@ jobs:
 start_line: ${{ github.event.client_payload.annotationObj.start_line }}
 end_line: ${{ github.event.client_payload.annotationObj.end_line }}
 break_build_invalid_policy: ${{github.event.client_payload.break_build_invalid_policy }}
-
+
 build:
 needs: validations
 uses: ./.github/workflows/veracode-build-artifact-for-scanning.yml
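Review bot: The added `check_run_name` expression in the `register` job picks its suffix with `contains( github.event.action, 'policy')`, so every dispatch type that is not a policy scan is registered as a pipeline scan. If this workflow also receives `*-sandbox-scan` types (the `types:` list is cut off by the first hunk, so this is inferred from the event names used elsewhere in the series), those runs would share a check run name with real pipeline scans; an explicit third branch or a comment such as `# suffix: Policy when the dispatch type contains 'policy', otherwise Pipeline` would make the choice deliberate. Renaming the check run also matters for enforcement: any branch protection rule that requires the old name `${{ github.workflow }}` would stop matching, so the required-check configuration should be updated together with this change. The same condition is carried through the `check_run_name` rewrites in patches 2/5 and 3/5.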
@@ -114,7 +114,7 @@ jobs:
 filter_mitigated_flaws: ${{ github.event.client_payload.user_config.filter_mitigated_flaws }}
 language: ${{ github.event.client_payload.repository.language }}
 secrets: inherit
-
+
 policy_scan:
 needs: [build, register]
 if: contains(github.event.action, 'policy')
@@ -136,4 +136,4 @@ jobs:
 break_build_on_error: ${{ github.event.client_payload.user_config.break_build_on_error }}
 filter_mitigated_flaws: ${{ github.event.client_payload.user_config.filter_mitigated_flaws }}
 language: ${{ github.event.client_payload.repository.language }}
- secrets: inherit
\ No newline at end of file
+ secrets: inherit
diff --git a/.gitignore b/.gitignore
index e43b0f98..4befed30 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .DS_Store
+.idea
From e2b3173e92e65a396f28c3ac0820492a59de855a Mon Sep 17 00:00:00 2001
From: Jake Radcliffe
Date: Wed, 19 Jun 2024 13:12:51 -0500
Subject: [PATCH 2/5] REPO-723 adjust name to remove scan
---
 .github/workflows/veracode-code-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
index 5c7819de..bf1927ff 100644
--- a/.github/workflows/veracode-code-analysis.yml
+++ b/.github/workflows/veracode-code-analysis.yml
@@ -38,7 +38,7 @@ jobs:
 register:
 uses: ./.github/workflows/veracode-check-run.yml
 with:
- check_run_name: ${{ github.workflow }}${{ contains( github.event.action, 'policy') && ' - Policy Scan' || ' - Pipeline Scan' }}
+ check_run_name: ${{ github.workflow }} - ${{ contains( github.event.action, 'policy') && 'Policy' || 'Pipeline' }}
 head_sha: ${{ github.event.client_payload.sha }}
 repositroy_owner: ${{ github.event.client_payload.repository.owner }}
 repositroy_name: ${{ github.event.client_payload.repository.name }}
From d87c9824b66a2920bd42050c80d7f0f51e65cb64 Mon Sep 17 00:00:00 2001
From: Jake Radcliffe
Date: Wed, 19 Jun 2024 13:18:00 -0500
Subject: [PATCH 3/5] REPO-723 remove space
---
 .github/workflows/veracode-code-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
index bf1927ff..889730f8 100644
--- a/.github/workflows/veracode-code-analysis.yml
+++ b/.github/workflows/veracode-code-analysis.yml
@@ -38,7 +38,7 @@ jobs:
 register:
 uses: ./.github/workflows/veracode-check-run.yml
 with:
- check_run_name: ${{ github.workflow }} - ${{ contains( github.event.action, 'policy') && 'Policy' || 'Pipeline' }}
+ check_run_name: ${{ github.workflow }} - ${{ contains(github.event.action, 'policy') && 'Policy' || 'Pipeline' }}
 head_sha: ${{ github.event.client_payload.sha }}
 repositroy_owner: ${{ github.event.client_payload.repository.owner }}
 repositroy_name: ${{ github.event.client_payload.repository.name }}
From 59ced077ea18a0d28f905f4819e5508ce52e5c2b Mon Sep 17 00:00:00 2001
From: David Glodich
Date: Fri, 21 Jun 2024 11:10:38 -0400
Subject: [PATCH 4/5] REPO-711: Updated github-actions-integration-helper to v0.1.3
---
 .../binary-ready-veracode-sast-pipeline-scan.yml | 6 +++---
 .../workflows/binary-ready-veracode-sast-policy-scan.yml | 8 ++++----
 .github/workflows/template-register.yaml | 2 +-
 .github/workflows/veracode-code-analysis.yml | 4 ++--
 .github/workflows/veracode-iac-secrets-scan.yml | 2 +-
 .github/workflows/veracode-pipeline-scan.yml | 2 +-
 .github/workflows/veracode-policy-scan.yml | 4 ++--
 .github/workflows/veracode-remove-sandbox.yml | 2 +-
 8 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml b/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
index ed1f530c..0c2bdd4e 100644
--- a/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
+++ b/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Verify Veracode API credentials
 id: verify_api_creds
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validateVeracodeApiCreds
 token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
 - name: Verify Policy name
 id: verify_policy_name
 if: success()
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validatePolicyName
 token: ${{ github.event.client_payload.token }}
@@ -83,7 +83,7 @@ jobs:
 - name: Veracode Pipeline Results
 if: always()
 id: prepare-results
- uses: Veracode/github-actions-integration-helper@v0.1.2
+ uses: Veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'preparePipelineResults'
 token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
index ebfe6545..01711fac 100644
--- a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
+++ b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Verify Veracode API credentials
 id: verify_api_creds
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validateVeracodeApiCreds
 token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
 - name: Verify Policy name
 id: verify_policy_name
 if: success()
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validatePolicyName
 token: ${{ github.event.client_payload.token }}
@@ -88,7 +88,7 @@ jobs:
 - name: Veracode Policy Results
 id: prepare-results
 if: always()
- uses: Veracode/github-actions-integration-helper@v0.1.2
+ uses: Veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'preparePolicyResults'
 token: ${{ github.event.client_payload.token }}
@@ -107,7 +107,7 @@ jobs:
 if: ${{ github.event.client_payload.user_config.sandbox_scan.execute_remove_sandbox_action && always() }}
 name: Remove Sandbox
 steps:
- uses: veracode/github-actions-integration-helper@v0.1.2
+ - uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'removeSandbox'
 vid: ${{ secrets.VERACODE_API_ID }}
diff --git a/.github/workflows/template-register.yaml b/.github/workflows/template-register.yaml
index ee3e948e..f43181f3 100644
--- a/.github/workflows/template-register.yaml
+++ b/.github/workflows/template-register.yaml
@@ -14,7 +14,7 @@ jobs:
 steps:
 - name: Register build
 id: register-build
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: registerBuild
 token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
index 889730f8..e302a9ea 100644
--- a/.github/workflows/veracode-code-analysis.yml
+++ b/.github/workflows/veracode-code-analysis.yml
@@ -54,7 +54,7 @@ jobs:
 steps:
 - name: Verify Veracode API credentials
 id: verify_api_creds
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validateVeracodeApiCreds
 token: ${{ github.event.client_payload.token }}
@@ -67,7 +67,7 @@ jobs:
 - name: Verify Policy name
 id: verify_policy_name
 if: success()
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validatePolicyName
 token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-iac-secrets-scan.yml b/.github/workflows/veracode-iac-secrets-scan.yml
index 81e4c3b1..ce3ce3a7 100644
--- a/.github/workflows/veracode-iac-secrets-scan.yml
+++ b/.github/workflows/veracode-iac-secrets-scan.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Verify Veracode API credentials
 id: verify_api_creds
- uses: veracode/github-actions-integration-helper@v0.1.2
+ uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: validateVeracodeApiCreds
 token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-pipeline-scan.yml b/.github/workflows/veracode-pipeline-scan.yml
index 27d1d1c3..447e263d 100644
--- a/.github/workflows/veracode-pipeline-scan.yml
+++ b/.github/workflows/veracode-pipeline-scan.yml
@@ -84,7 +84,7 @@ jobs:
 - name: Veracode Pipeline Results
 if: always()
 id: prepare-results
- uses: Veracode/github-actions-integration-helper@v0.1.2
+ uses: Veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'preparePipelineResults'
 token: ${{ inputs.token }}
diff --git a/.github/workflows/veracode-policy-scan.yml b/.github/workflows/veracode-policy-scan.yml
index 757fc479..6a7bed9d 100644
--- a/.github/workflows/veracode-policy-scan.yml
+++ b/.github/workflows/veracode-policy-scan.yml
@@ -88,7 +88,7 @@ jobs:
 - name: Veracode Policy Results
 id: prepare-results
 if: always()
- uses: Veracode/github-actions-integration-helper@v0.1.2
+ uses: Veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'preparePolicyResults'
 token: ${{ inputs.token }}
@@ -107,7 +107,7 @@ jobs:
 if: ${{ github.event.client_payload.user_config.sandbox_scan.execute_remove_sandbox_action && always() }}
 name: Remove Sandbox
 steps:
- uses: veracode/github-actions-integration-helper@v0.1.2
+ - uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'removeSandbox'
 vid: ${{ secrets.VERACODE_API_ID }}
diff --git a/.github/workflows/veracode-remove-sandbox.yml b/.github/workflows/veracode-remove-sandbox.yml
index 75ecf2d8..b61a1967 100644
--- a/.github/workflows/veracode-remove-sandbox.yml
+++ b/.github/workflows/veracode-remove-sandbox.yml
@@ -34,7 +34,7 @@ jobs:
 runs-on: ubuntu-latest
 name: Remove Sandbox
 steps:
- uses: veracode/github-actions-integration-helper@v0.1.2
+ - uses: veracode/github-actions-integration-helper@v0.1.3
 with:
 action: 'removeSandbox'
 vid: ${{ secrets.VERACODE_API_ID }}
From 1d7aced7fb8ac027d41a64fc97f1672d3de4ad73 Mon Sep 17 00:00:00 2001
From: Karthik Bharadwaj
Date: Fri, 28 Jun 2024 02:30:14 +0530
Subject: [PATCH 5/5] Enable Static scan for .net repos Enable Static Scan for .net repos using Veracode CLI auto packager support.
---
 .../workflows/veracode-build-artifact-for-scanning.yml | 10 +---------
 .github/workflows/veracode-default-build.yml | 2 +-
 2 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/veracode-build-artifact-for-scanning.yml b/.github/workflows/veracode-build-artifact-for-scanning.yml
index c8eeabce..09b6a912 100644
--- a/.github/workflows/veracode-build-artifact-for-scanning.yml
+++ b/.github/workflows/veracode-build-artifact-for-scanning.yml
@@ -18,7 +18,7 @@ on:
 jobs:
 build:
- if: ${{ inputs.event_name == 'java-pipeline-scan' || inputs.event_name == 'java-policy-scan' || inputs.event_name == 'java-sandbox-scan' || inputs.event_name == 'unidentified-lang-pipeline-scan' || inputs.event_name == 'unidentified-lang-policy-scan' || inputs.event_name == 'unidentified-lang-sandbox-scan' }}
+ if: ${{ inputs.event_name == 'java-pipeline-scan' || inputs.event_name == 'java-policy-scan' || inputs.event_name == 'java-sandbox-scan' || inputs.event_name == 'unidentified-lang-pipeline-scan' || inputs.event_name == 'unidentified-lang-policy-scan' || inputs.event_name == 'unidentified-lang-sandbox-scan' || inputs.event_name == 'dot-net-pipeline-scan' || inputs.event_name == 'dot-net-policy-scan' || inputs.event_name == 'dot-net-sandbox-scan'}}
 uses: ./.github/workflows/veracode-default-build.yml
 with:
 repository: ${{ inputs.repository }}
@@ -48,14 +48,6 @@ jobs:
 repository: ${{ inputs.repository }}
 ref: ${{ inputs.ref }}
 token: ${{ inputs.token }}
-
- build-dot-net-package:
- if: ${{ inputs.event_name == 'dot-net-pipeline-scan' || inputs.event_name == 'dot-net-policy-scan' || inputs.event_name == 'dot-net-sandbox-scan'}}
- uses: ./.github/workflows/veracode-build-dot-net.yml
- with:
- repository: ${{ inputs.repository }}
- ref: ${{ inputs.ref }}
- token: ${{ inputs.token }}
 build-go-package:
 if: ${{ inputs.event_name == 'go-pipeline-scan' || inputs.event_name == 'go-policy-scan' || inputs.event_name == 'go-sandbox-scan'}}
diff --git a/.github/workflows/veracode-default-build.yml b/.github/workflows/veracode-default-build.yml
index b1565b2b..1f00bd80 100644
--- a/.github/workflows/veracode-default-build.yml
+++ b/.github/workflows/veracode-default-build.yml
@@ -54,5 +54,5 @@ jobs:
 - uses: actions/upload-artifact@v4
 with:
 name: veracode-artifact
- path: /__w/veracode/veracode/veracode-artifact.zip
+ path: /__w/veracode/veracode/veracode-artifacts/*
 if-no-files-found: error
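Review bot: The `build` job's `if:` is now a single line of nine `inputs.event_name == '...'` comparisons, and the added tail ends in `'dot-net-sandbox-scan'}}` without the space before `}}` that the old line had. A membership test is easier to read and to extend, for example `if: ${{ contains(fromJSON('["java-pipeline-scan", "java-policy-scan", "dot-net-pipeline-scan"]'), inputs.event_name) }}` with all nine event names listed. A comment above the condition, `# .NET events use the default build (Veracode CLI auto packager) instead of veracode-build-dot-net.yml`, would record why these types moved here. Whether `veracode-build-dot-net.yml` is still referenced anywhere after the removal in the next hunk is not visible in this patch and is worth checking so no unmaintained workflow is left behind.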
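Review bot: The new `path: /__w/veracode/veracode/veracode-artifacts/*` keeps the hard-coded container workspace path, which only resolves when the job runs in a container and the repository is named `veracode`. A workspace-relative value, `path: veracode-artifacts/*`, would survive a fork or rename, assuming the packager writes to that directory under the workspace root (the step that produces the files is outside this hunk). The wildcard also publishes every file in that directory under the `veracode-artifact` name, so the packaging step should place nothing but scan inputs there, and downstream jobs that previously expected a single `veracode-artifact.zip` need to handle several files. `if-no-files-found: error` is correctly kept, so an empty packager output fails the job rather than letting a scan run on nothing.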