Skip to content
This repository has been archived by the owner on Jul 18, 2024. It is now read-only.

Veracode upload and scan #238

Veracode upload and scan

Veracode upload and scan #238

Workflow file for this run

name: "Veracode upload and scan"
on:
push:
branches:
- main
- dev
paths:
- 'src/**'
- 'pom.xml'
- 'Dockerfile'
schedule:
# Once a day
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
Analyze:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
#Setup Java 11
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
#Create/Get Maven package cache
- name: Cache Maven packages
uses: actions/cache@v1
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
#Package application with Maven
- name: Package to JAR
run: mvn -B package -DskipTests
#Create the directory which will be uploaded to Veracode
- name: Create Veracode Upload Directory
run: mkdir -p target/veracode
#Copy the jar to directory which gets uploaded to Veracode
- name: Copy Pool JAR
run: cp target/value-added-service-*.jar target/veracode/value-added-service.jar
- name: Run Veracode Upload And Scan
uses: veracode/[email protected]
with:
# Specify Veracode application name
appname: "product-vas-country-risk-backend"
createprofile: false
# Specify path to upload
filepath: "target/veracode"
vid: "${{ secrets.VERACODE_API_ID }}"
vkey: "${{ secrets.VERACODE_API_KEY }}"