.github/workflows/veracode-analysis.yml
name: Veracode Static Analysis Pipeline Scan
on:
push:
branches: [ master ]
pull_request:
branches: [ master ]
jobs:
build-and-pipeline-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
with:
repository: ''
- uses: papeloto/action-zip@v1
with:
files: /
recursive: true
dest: veracode-pipeline-scan-results-to-sarif.zip
- uses: actions/upload-artifact@v4
with:
name: my-artifact
path: veracode-pipeline-scan-results-to-sarif.zip
- uses: wei/curl@master
with:
args: -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
- run: unzip -o pipeline-scan-LATEST.zip
- uses: actions/setup-java@v4
with:
java-version: 1.8
- run: java -jar pipeline-scan.jar --veracode_api_id "${{secrets.VERACODE_API_ID}}" --veracode_api_key "${{secrets.VERACODE_API_KEY}}" --fail_on_severity="Very High, High" --file veracode-pipeline-scan-results-to-sarif.zip
continue-on-error: true
- uses: actions/upload-artifact@v4
with:
name: ScanResults
path: results.json
- name: Convert pipeline scan output to SARIF format
id: convert
uses: veracode/veracode-pipeline-scan-results-to-sarif@master
with:
pipeline-results-json: results.json
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: veracode-results.sarif