-
Notifications
You must be signed in to change notification settings - Fork 397
/
Copy pathveracode.yml
95 lines (93 loc) · 4.31 KB
/
veracode.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
veracode_static_scan:
push:
trigger: true
# Please only specify either branches_to_run or branches_to_exclude
# Entering both will only execute branches_to_run
# Leaving them both blank means this will never run
branches_to_run:
- '*'
branches_to_exclude:
pull_request:
trigger: true
action:
- opened
- synchronize
target_branch:
- default_branch
# If the analysis_on_platform is set to true,
# Veracode will save your last scan result, on the default branch, as an application profile with the same name as your scanned repository on the Veracode platform.
# If the analysis_on_platform is set to false, scan results will not be saved to the Veracode platform.
analysis_on_platform: false
# If break_build_policy_findings is set to true, the build will break when findings violate the policy.
break_build_policy_findings: true
# If break_build_invalid_policy is set to true, the build will break when the policy name is invalid.
break_build_invalid_policy: true
# If the break_build_on_error is set to true, the build will break if the scan failed to complete in time or with an error and the error_message will be displayed.
break_build_on_error: false
error_message: "Veracode static scan faced a problem. Please contact your Veracode administrator for more information."
# Default policy to be used if a policy isn't already assigned to the application profile.
policy: 'Veracode Recommended Medium + SCA'
# If the create_code_scanning_alert is set to true, GitHub security code scanning vulnerability alerts will be created for static findings.
create_code_scanning_alert: false
# If the create_issue is set to true, GitHub Issues will be created for static findings.
create_issue: false
# If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
# Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
issues:
trigger: false
commands:
- "Veracode Static Scan"
veracode_sca_scan:
push:
trigger: true
# Please only specify either branches_to_run or branches_to_exclude
# Entering both will only execute branches_to_run
# Leaving them both blank means this will never run
branches_to_run:
- '*'
branches_to_exclude:
pull_request:
trigger: true
action:
- opened
- synchronize
target_branch:
- default_branch
# If the break_build_on_error is set to true, the build will break if the scan failed to complete or with an error, no libraries were found,
# or no build system was found and the error_message will be displayed.
break_build_on_error: true
error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information."
# If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
# Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
issues:
trigger: false
commands:
- "Veracode SCA Scan"
veracode_iac_secrets_scan:
push:
trigger: true
# Please only specify either branches_to_run or branches_to_exclude
# Entering both will only execute branches_to_run
# Leaving them both blank means this will never run
branches_to_run:
- '*'
branches_to_exclude:
pull_request:
trigger: true
action:
- opened
- synchronize
target_branch:
- default_branch
# If break_build_policy_findings is set to true, the build will break when findings violate the policy.
break_build_policy_findings: true
# If the break_build_on_error is set to true, the build will break if the scan failed to complete or with an error, no libraries were found,
# or no build system was found and the error_message will be displayed.
break_build_on_error: true
error_message: "Veracode IAC secrets scan faced a problem. Please contact your Veracode administrator for more information."
# If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
# Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
issues:
trigger: false
commands:
- "Veracode IAC Scan"