Skip to content

Veracode

Veracode #4

Workflow file for this run

name: Veracode
on:
workflow_dispatch:
jobs:
build:
name: Build app
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Create Vendor Folder
run: go mod vendor
- name: Build
run: go build -v ./...
- name: Empacotamento dos arquivos
uses: thedoctor0/zip-release@master
with:
filename: 'veracode.zip'
path: .
- name: Publicando Artefato
uses: actions/upload-artifact@v2
with:
name: pacoteVeracode
path: veracode.zip
Veracode_SCA:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up Go
uses: actions/setup-go@v4
with:
go-version-file: go.mod
- name: Create Vendor Folder
run: go mod vendor
- name: Veracode SCA
env:
SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
run: |
curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --allow-dirty
Veracode_UploadAndScan:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode
- name: UploadAndScan
uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
env:
VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
VeracodeKey: ${{ secrets.VeracodeKey }}
AppName: ${{ github.repository }}
with:
vid: '$VeracodeID'
vkey: '$VeracodeKey'
criticality: 'VeryHigh'
appname: '$AppName'
filepath: 'veracode.zip'
scanallnonfataltoplevelmodules: true
includenewmodules: true
version: ${{ github.run_id }}
Veracode_PipelineScan:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode
- name: Veracode Pipeline Scan
env:
VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
VKEY: ${{ secrets.VeracodeKey }}
CaminhoArquivo: './veracode.zip'
run: |
curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
unzip pipeline-scan-LATEST.zip
java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true