Veracode_Go #8

Workflow file for this run

.github/workflows/Support Pipeline.yml at 00d3b85

	name: Veracode_Go
	on:
	workflow_dispatch:

	jobs:
	Package:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Set up Go
	uses: actions/setup-go@v2
	with:
	go-version: 1.22
	- name: Build
	run: go build
	- name: Package the application for Veracode Static Analysis
	run: \|
	export GOPATH=`go env GOPATH` &&
	export PATH="$GOPATH/bin:$PATH" &&
	go install github.com/relaxnow/vcgopkg@latest
	vcgopkg
	ls
	- name: Find ZIP file
	run: \|
	zip_file=$(find . -type f -name "*.zip" \| head -n 1)
	echo "ZIP file found at: $zip_file"
	echo "##[set-output name=zip_path;]$zip_file"
	id: find_zip

	Veracode_SCA:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Veracode SCA
	env:
	SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
	run: \|
	curl -sSL 'https://download.sourceclear.com/ci.sh' \| bash -s – scan --update-advisor --allow-dirty

	Veracode_UploadAndScan:
	runs-on: ubuntu-latest
	needs: Package
	steps:
	- name: Download Artefato
	uses: actions/download-artifact@v2
	with:
	name: pacoteVeracode
	- name: UploadAndScan
	uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
	env:
	VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
	VeracodeKey: ${{ secrets.VeracodeKey }}
	AppName: Github Actions - ${{ github.repository }}
	with:
	vid: '$VeracodeID'
	vkey: '$VeracodeKey'
	criticality: 'VeryHigh'
	appname: '$AppName'
	createsandbox: true
	filepath: ${{ steps.find_zip.outputs.zip_path }}
	deleteIncompleteScan: false
	version: ${{ github.run_id }}

	Veracode_PipelineScan:
	runs-on: ubuntu-latest
	needs: Package
	steps:
	- name: Download Artefato
	uses: actions/download-artifact@v2
	with:
	name: pacoteVeracode
	- name: Veracode Pipeline Scan
	env:
	VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
	VKEY: ${{ secrets.VeracodeKey }}
	CaminhoArquivo: ${{ steps.find_zip.outputs.zip_path }}
	run: \|
	curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
	unzip pipeline-scan-LATEST.zip
	java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Veracode_Go #8

Workflow file

Veracode_Go #8

Jobs

Run details

Workflow file for this run