Merge pull request #48 from veracode/develop

Author: julz0815

.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml

@@ -72,7 +72,7 @@ jobs:
 
       - name: Veracode Pipeline-Scan
         id: pipeline-scan
-        uses: veracode/[email protected].15
+        uses: veracode/[email protected].16
         with:
           vid: ${{ secrets.VERACODE_API_ID }}
           vkey: ${{ secrets.VERACODE_API_KEY }}

.github/workflows/binary-ready-veracode-sast-policy-scan.yml

@@ -71,7 +71,7 @@ jobs:
           run-id: ${{ github.event.client_payload.run_id }}
 
       - name: Veracode Upload and Scan Action Step
-        uses: veracode/[email protected].4
+        uses: veracode/[email protected].5
         id: upload_and_scan
         with:
           vid: '${{ secrets.VERACODE_API_ID }}'

.github/workflows/binary-ready-veracode-sast-sandbox-scan.yml

@@ -24,7 +24,7 @@ jobs:
 
       - name: Veracode Upload and Scan Action Step
         id: upload_and_scan
-        uses: veracode/[email protected].4
+        uses: veracode/[email protected].5
         with:
           appname: ${{ github.event.client_payload.user_config.profile_name }}
           createprofile: true

.github/workflows/veracode-build-artifact-for-scanning.yml

@@ -17,6 +17,14 @@ on:
         type: string
 
 jobs:
+  build:
+    if: ${{ inputs.event_name == 'java-pipeline-scan' || inputs.event_name == 'java-policy-scan' || inputs.event_name == 'java-sandbox-scan' || inputs.event_name == 'unidentified-lang-pipeline-scan' || inputs.event_name == 'unidentified-lang-policy-scan' || inputs.event_name == 'unidentified-lang-sandbox-scan' }}
+    uses: ./.github/workflows/veracode-default-build.yml
+    with:
+      repository: ${{ inputs.repository }}
+      ref: ${{ inputs.ref }}
+      token: ${{ inputs.token }}
+
   build-java-maven:
     if: ${{ inputs.event_name == 'java-maven-pipeline-scan' || inputs.event_name == 'java-maven-policy-scan' || inputs.event_name == 'java-maven-sandbox-scan' }}
     uses: ./.github/workflows/veracode-build-java-cli-maven.yml

.github/workflows/veracode-build-java-cli-gradle.yml

@@ -27,7 +27,7 @@ jobs:
       with:
         java-version: 21
         distribution: oracle
-    - name: Package the appliccation
+    - name: Package the application
       env:
         VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
         VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'

.github/workflows/veracode-build-java-cli-maven.yml

@@ -32,7 +32,7 @@ jobs:
       with:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-    - name: Package the appliccation
+    - name: Package the application
       env:
         VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
         VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'

.github/workflows/veracode-code-analysis.yml

@@ -29,6 +29,10 @@ on:
       - scala-policy-scan
       - dart-pipeline-scan
       - dart-policy-sca
+      - java-pipeline-scan
+      - java-policy-scan
+      - unidentified-lang-pipeline-scan
+      - unidentified-lang-policy-scan
 
 jobs:
   register:

.github/workflows/veracode-default-build.yml

@@ -0,0 +1,58 @@
+name: Veracode Build
+on:
+  workflow_call:
+    inputs:
+      repository:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      token:
+        required: true
+        type: string
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: veracode/scm-packaging:latest
+    env:
+      VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
+      VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.repository }}
+        ref: ${{ inputs.ref }}
+        token: ${{ inputs.token }}
+
+    - uses: actions/checkout@v4
+      with:
+        path: 'veracode-helper'
+
+    - name: Package the application
+      id: application_package
+      env:
+        VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
+        VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
+      run: |
+        cd veracode-helper/helper/cli
+        cliFile=$(ls -1 . | head -n 1)
+        cliFileName=$(echo "$cliFile" | cut -c 1-$((${#cliFile}-7)))
+        tar -zxvf $cliFile
+        cd $cliFileName
+        export PATH="veracode-helper/helper/cli/$cliFileName:$PATH"
+        cd /__w/veracode/veracode
+        veracode package --source . --output veracode-artifacts --trust
+        zip veracode-artifact.zip veracode-artifacts/* -x .zip .tar .tar.gz .gz
+
+    - name: Package error
+      if: failure() && steps.application_package.outcome == 'failure'
+      run: |
+        echo "::error::Veracode static scan faced a problem. Please contact your Veracode administrator for more information."
+
+    - uses: actions/upload-artifact@v4
+      with:
+        name: veracode-artifact
+        path: /__w/veracode/veracode/veracode-artifact.zip
+        if-no-files-found: error

.github/workflows/veracode-iac-secrets-scan.yml

@@ -52,7 +52,7 @@ jobs:
           ref: ${{ github.event.client_payload.sha }}
           token: ${{ github.event.client_payload.token }}
       - name: Run Veracode IaC/Secrets Scanning
-        uses: veracode/[email protected].2
+        uses: veracode/[email protected].3
         with:
             vid: ${{ secrets.VERACODE_API_ID }}
             vkey: ${{ secrets.VERACODE_API_KEY }}

.github/workflows/veracode-pipeline-scan.yml

@@ -73,7 +73,7 @@ jobs:
       # run the pipeline scan action
       - name: Veracode Pipeline-Scan
         id: pipeline-scan
-        uses: veracode/[email protected].15
+        uses: veracode/[email protected].16
         with:
           vid: ${{ secrets.VERACODE_API_ID }}
           vkey: ${{ secrets.VERACODE_API_KEY }}