This repository has been archived by the owner on Oct 27, 2020. It is now read-only.

githubrlloyd/veracode-pipeline

veracode-pipeline

An example of a GitHub Action that initiates a Veracode pipeline scan and returns the results.json as code scanning alerts in GitHub's Security tab.

About

This is an example

How it works

  • The Veracode pipeline scan analysis workflow runs on commit, takes the artifact from your build and submits it to the Veracode pipeline scan service
  • The results.json output is transformed into SARIF
  • The SARIF report is submitted to GitHub via the github/codeql-action/upload-sarif action
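
The results.json to SARIF step, sketched as an added example (not code from this repository). The finding field names (findings, cwe_id, severity, issue_type, display_text, files.source_file) and the severity-to-level mapping are assumptions about the pipeline scan output; adjust them to the results.json your scan produces.

```python
import json

# Constructed sample shaped like a pipeline scan results.json.
# Field names are assumptions, not taken from this repository.
SAMPLE_RESULTS = json.loads("""
{"findings": [
  {"issue_id": 1001, "cwe_id": "89", "severity": 4,
   "issue_type": "SQL Injection",
   "display_text": "Query built from untrusted input.",
   "files": {"source_file": {"file": "src/main/java/app/UserDao.java", "line": 42}}},
  {"issue_id": 1002, "cwe_id": "117", "severity": 2,
   "issue_type": "Improper Output Neutralization for Logs",
   "display_text": "",
   "files": {"source_file": {"file": "src/main/java/app/Audit.java", "line": 0}}}
]}
""")

def sarif_level(severity):
    """Assumed mapping of a 0-5 severity onto the SARIF result levels."""
    if severity >= 4:
        return "error"
    return "warning" if severity == 3 else "note"

def to_sarif(results):
    """Build a SARIF 2.1.0 log with one run from a parsed results.json."""
    rules, sarif_results = {}, []
    for finding in results.get("findings", []):
        rule_id = "CWE-" + str(finding.get("cwe_id", "unknown"))
        title = finding.get("issue_type", rule_id)
        # One rule per CWE, shared by every finding of that type.
        rules.setdefault(rule_id, {"id": rule_id, "shortDescription": {"text": title}})
        src = finding.get("files", {}).get("source_file", {})
        sarif_results.append({
            "ruleId": rule_id,
            "level": sarif_level(int(finding.get("severity", 0))),
            # SARIF requires a non-empty message; fall back to the title.
            "message": {"text": finding.get("display_text") or title},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": src.get("file", "unknown")},
                # SARIF lines start at 1; clamp missing or zero values.
                "region": {"startLine": max(1, int(src.get("line") or 1))}}}],
        })
    driver = {"name": "Veracode Pipeline Scan", "rules": list(rules.values())}
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json",
            "version": "2.1.0",
            "runs": [{"tool": {"driver": driver}, "results": sarif_results}]}

if __name__ == "__main__":
    print(json.dumps(to_sarif(SAMPLE_RESULTS), indent=2))
```

The file paths in artifactLocation.uri need to be relative to the repository root for the alerts to link to source lines.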

Getting started

  1. Set up an API user for your Veracode account
  2. Implement this action
  3. Push a commit
  4. Observe any results being represented as a security alert

Additional resources

  • ..
