This repository has been archived by the owner on Oct 2, 2024. It is now read-only.
forked from veracode/github-actions-integration
veracode.yml
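veracode_static_scan:
  # Set trigger: true for either the push event or the pull request event,
  # not both. Specifying both will only execute the push event.
  # Leaving both false means this scan will never run.
  # NOTE(review): both triggers are true below, so per the rule above only
  # the push event runs and the pull_request settings are presumably inert.
  # Confirm which event is meant to gate merges.
  push:
    trigger: true
    # Specify either branches_to_run or branches_to_exclude, not both.
    # Entering both will only execute branches_to_run.
    # Leaving both blank means this scan will never run.
    branches_to_run:
      - '*'
    branches_to_exclude:
  pull_request:
    trigger: true
    action:
      - opened
      - synchronize
    target_branch:
      - default_branch
  # Branch used for platform analysis. Veracode saves the last scan result
  # of this branch as an App Profile named after the scanned repository.
  # Use 'none' if no scans should be saved to the platform.
  analysis_branch: main
  # If true, the build breaks when the pipeline scan finds any policy
  # violations.
  # NOTE(review): false means SAST policy violations are reported but never
  # block the build, unlike the SCA and IaC/Secrets sections of this file.
  # Findings then have to be reviewed out of band.
  break_build_policy_findings: false
  # If true, the build breaks when the scan fails to complete in time or
  # ends with an error.
  # NOTE(review): false is fail-open. A scan that timed out or errored leaves
  # the build green, so a passing build does not prove that a scan ran.
  break_build_on_error: false
  # Message displayed when the pipeline scan fails to complete in time or
  # ends with an error. The original comment tied this to
  # break_build_on_policy_error, which is not a key in this file;
  # break_build_on_error is presumably the flag meant.
  error_message: "Veracode SAST scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
  policy: 'Veracode Recommended Medium + SCA'
  compile_locally: false
  local_compilation_workflow: na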
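veracode_sca_scan:
  # Set trigger: true for either the push event or the pull request event,
  # not both. Specifying both will only execute the push event.
  # Leaving both false means this scan will never run.
  # NOTE(review): both triggers are true below, so per the rule above only
  # the push event runs and the pull_request settings are presumably inert.
  # Confirm which event is meant to gate merges.
  push:
    trigger: true
    branches_to_run:
      - '*'
    branches_to_exclude:
  pull_request:
    trigger: true
    action:
      - opened
      - synchronize
    target_branch:
      - default_branch
  # If true, the build breaks when the SCA scan finds any policy violations.
  break_build_policy_findings: true
  # If true, the build breaks when the scan fails to complete, no libraries
  # are found, no build system is found, or any other error occurs.
  # Keeping this true means a scan that did not run cannot pass silently.
  break_build_on_error: true
  # Message displayed when the SCA scan fails to complete, no libraries are
  # found, no build system is found, or any other error occurs. The original
  # comment tied this to break_build_on_policy_error, which is not a key in
  # this file; break_build_on_error is presumably the flag meant.
  error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."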
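veracode_iac_secrets_scan:
  # Set trigger: true for either the push event or the pull request event,
  # not both. Specifying both will only execute the push event.
  # Leaving both false means this scan will never run.
  # NOTE(review): both triggers are true below, so per the rule above only
  # the push event runs and the pull_request settings are presumably inert.
  # Confirm which event is meant to gate merges.
  push:
    trigger: true
    branches_to_run:
      - '*'
    branches_to_exclude:
  pull_request:
    trigger: true
    action:
      - opened
      - synchronize
    target_branch:
      - default_branch
  # If true, the build breaks when the IaC/Secrets scan finds any policy
  # violations.
  break_build_policy_findings: true
  # If true, the build breaks when the scan fails to complete, no libraries
  # are found, or any other error occurs.
  # Keeping this true means a scan that did not run cannot pass silently.
  break_build_on_error: true
  # Message displayed when the IaC/Secrets scan fails to complete, no
  # libraries are found, or any other error occurs. The original comment tied
  # this to break_build_on_policy_error, which is not a key in this file;
  # break_build_on_error is presumably the flag meant.
  # The text previously said "SCA scan", copied from the SCA section, which
  # would point whoever triages a failed build at the wrong scanner.
  error_message: "Veracode IaC/Secrets scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."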