Veracode upload and scan #131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Veracode upload and scan" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| paths: | |
| - 'src/**' | |
| - 'pom.xml' | |
| - 'Dockerfile' | |
| schedule: | |
| # Once a day | |
| - cron: "0 0 * * *" | |
| workflow_dispatch: | |
| jobs: | |
| Analyze: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| #Setup Java 11 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| #Create/Get Maven package cache | |
| - name: Cache Maven packages | |
| uses: actions/cache@v1 | |
| with: | |
| path: ~/.m2 | |
| key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: ${{ runner.os }}-m2 | |
| #Package application with Maven | |
| - name: Package to JAR | |
| run: mvn -B package -DskipTests | |
| #Create the directory which will be uploaded to Veracode | |
| - name: Create Veracode Upload Directory | |
| run: mkdir -p target/veracode | |
| #Copy the jar to directory which gets uploaded to Veracode | |
| - name: Copy Pool JAR | |
| run: cp target/value-added-service-*.jar target/veracode/value-added-service.jar | |
| - name: Run Veracode Upload And Scan | |
| uses: veracode/veracode-uploadandscan-action@0.2.1 | |
| with: | |
| # Specify Veracode application name | |
| appname: "product-vas-country-risk-backend" | |
| createprofile: false | |
| # Specify path to upload | |
| filepath: "target/veracode" | |
| vid: "${{ secrets.VERACODE_API_ID }}" | |
| vkey: "${{ secrets.VERACODE_API_KEY }}" |