
@veeranjaneya-reddy
Collaborator

No description provided.

@julz0815
Member

What is this doing exactly? Check if a policy name is valid, before it gets pushed to the individual workflows?

@shailesh-veracode
Collaborator

shailesh-veracode commented Jan 17, 2024

> What is this doing exactly? Check if a policy name is valid, before it gets pushed to the individual workflows?

Yes, we are currently checking the validation of the policy name within the workflow itself. Based on the condition, we will determine whether to call the pipeline or initiate a policy scan.

To access the policies validation API, we need to provide the VERACODE_API_ID and VERACODE_API_KEY. However, in the backend app, we are unable to read these values. So we have added this logic in the workflow repository itself.

Below are the scenarios we are handling:
1] If the policy name is correct, then based on the user's configuration, we are initiating the scan.

2] If the policy name is invalid and "break_build_policy_findings" is set to false, we will simply display the error (annotation) on the workflow and the user's repository.

3] If the policy name is invalid and "break_build_policy_findings" is true, then we will display an error annotation on the workflow and the user's repository. Additionally, we will not initiate the policy and pipeline scan.

@veeranjaneya-reddy
Collaborator Author

NOTE: This MR can only be merged when the app code is merged to production as it has some dependencies on the backend app.

@julz0815
Member

Let me know when you need the merge here.

Member

@julz0815 Jan 24, 2024

This will not work! Or, better to say, it will only work for the US platform, as the credentials this way only work for .com! But we also have an EU and a FedRAMP platform, and we have to support those as well! You need to remove the API credentials prefix for this to work!

@julz0815 merged commit 5f350bb into develop Feb 1, 2024
@veraakarthikbharadwaj deleted the feature/DXS_124 branch July 18, 2024 10:10