

update flag for policy validation
shailesh-veracode committed Mar 14, 2024
1 parent 75556ba commit 0022847
Showing 2 changed files with 8 additions and 11 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/veracode-code-analysis.yml
Expand Up @@ -84,7 +84,7 @@ jobs:
path: ${{ github.event.client_payload.annotationObj.path }}
start_line: ${{ github.event.client_payload.annotationObj.start_line }}
end_line: ${{ github.event.client_payload.annotationObj.end_line }}
break_build_policy_findings: ${{github.event.client_payload.break_build_policy_findings }}
break_build_invalid_policy: ${{github.event.client_payload.break_build_invalid_policy }}

build:
needs: validations
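Review bot: The new input line `break_build_invalid_policy: ${{github.event.client_payload.break_build_invalid_policy }}` (printed second, presumably the added side) keeps the missing space after `${{` that the replaced line had, while the three inputs above it are written `${{ github.event... }}`; suggest `break_build_invalid_policy: ${{ github.event.client_payload.break_build_invalid_policy }}` for consistency. Since the value is read from a `repository_dispatch` `client_payload`, a payload that omits the key expands to an empty string rather than `false`; whether the consumer of this `with:` input treats an empty string as "do not break the build" cannot be seen here and is worth confirming so the default stays fail-closed. The enclosing job and step start above the hunk.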
17 changes: 7 additions & 10 deletions veracode.yml
Expand Up @@ -23,8 +23,8 @@ veracode_static_scan:
# Use 'none' if you would not like any scans saved to the platform
analysis_branch: ENTER_BRANCH_NAME_HERE
analysis_on_platform: false
#If the break_build_policy_findings is set to true, the build will break if the pipeline scan finds any policy violations.
break_build_policy_findings: true
#If break_build_invalid_policy is set to true, the build will break when the policy name is invalid.
break_build_invalid_policy: true
#If the break_build_on_error is set to true, the build will break if the scan failed to complete in time or with an error.
break_build_on_error: false
#If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the pipeline scan fails to complete in time or with an error.
Expand All @@ -35,11 +35,12 @@ veracode_static_scan:
# Set the property to 'default' if you'd like to use the default
# workflow for each repository.
use_custom_workflow: WORKFLOW_NAME
#If enabled, you will be able to view static findings as a security issue in GitHub.
#If the create_code_scanning_alert is set to true, code scanning alert for static findings will be created under GitHub Security.
create_code_scanning_alert: false
#If the create_issue is set to true, GitHub Issues will be created for static findings.
create_issue: false
profile: ENTER_PROFILE_NAME
#If enabled, the scan will be triggered when a command matches by either creating an issue or adding a comment to an issue.
#If the trigger is set to true, the scan will be triggered when a command matches by either creating an issue or adding a comment to an issue.
issues:
trigger: false
commands:
Expand All @@ -61,13 +62,11 @@ veracode_sca_scan:
- synchronize
target_branch:
- default_branch
#If the break_build_policy_findings is set to true, the build will break if the SCA scan finds any policy violations.
break_build_policy_findings: true
#If the break_build_on_error is set to true, the build will break if the scan failed to complete, no libraries found, no build system found or on any other error.
break_build_on_error: true
#If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the SCA scan fails to complete, no libraries found, no build system found or on any other error.
error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
#If enabled, the scan will be triggered when a command matches by either creating an issue or adding a comment to an issue.
#If the trigger is set to true, the scan will be triggered when a command matches by either creating an issue or adding a comment to an issue.
issues:
trigger: false
commands:
Expand All @@ -89,13 +88,11 @@ veracode_iac_secrets_scan:
- synchronize
target_branch:
- default_branch
#If the break_build_policy_findings is set to true, the build will break if the IaC/Secrets scan finds any policy violations.
break_build_policy_findings: true
#If the break_build_on_error is set to true, the build will break if the scan failed to complete, no libraries found or on any other error.
break_build_on_error: true
#If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the IaC/Secrets scan fails to complete, no libraries found or on any other error.
error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
#If enabled, the scan will be triggered when a command matches by either creating an issue or adding a comment to an issue.
#If the trigger is set to true, the scan will be triggered when a command matches by either creating an issue or adding a comment to an issue.
issues:
trigger: false
commands:
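Review bot: The `break_build_policy_findings: true` entries under `veracode_sca_scan` and `veracode_iac_secrets_scan` are removed without a replacement, whereas under `veracode_static_scan` the key appears to be swapped for `break_build_invalid_policy` (this reading of the sides follows the print order and the 7 additions / 10 deletions, so treat it as inferred). If the consuming action still honours `break_build_policy_findings` for the SCA and IaC/Secrets scans, users copying this template lose the fail-on-policy-violation default silently; if the key was dropped from the product, a short comment near the new static-scan flag saying what replaces it (or that policy-finding breaks are now controlled elsewhere) would spare readers from guessing. The new comment `#If break_build_invalid_policy is set to true, the build will break when the policy name is invalid.` also departs from the file's `#If the <key> is set to true, ...` wording used by every neighbouring comment. Unrelated to this change but visible in the IaC/Secrets hunk, `error_message` there still reads "Veracode SCA scan faced a problem", which looks copied from the SCA section.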
