0.2.2 release

.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml

@@ -72,7 +72,7 @@ jobs:
 
       - name: Veracode Pipeline-Scan
         id: pipeline-scan
-        uses: veracode/Veracode-pipeline-scan-action@v1.0.15
+        uses: veracode/Veracode-pipeline-scan-action@v1.0.16
         with:
           vid: ${{ secrets.VERACODE_API_ID }}
           vkey: ${{ secrets.VERACODE_API_KEY }}

.github/workflows/binary-ready-veracode-sast-policy-scan.yml

@@ -71,7 +71,7 @@ jobs:
           run-id: ${{ github.event.client_payload.run_id }}
 
       - name: Veracode Upload and Scan Action Step
-        uses: veracode/uploadandscan-action@v0.1.4
+        uses: veracode/uploadandscan-action@v0.1.5
         id: upload_and_scan
         with:
           vid: '${{ secrets.VERACODE_API_ID }}'

.github/workflows/binary-ready-veracode-sast-sandbox-scan.yml

@@ -24,7 +24,7 @@ jobs:
 
       - name: Veracode Upload and Scan Action Step
         id: upload_and_scan
-        uses: veracode/uploadandscan-action@v0.1.4
+        uses: veracode/uploadandscan-action@v0.1.5
         with:
           appname: ${{ github.event.client_payload.user_config.profile_name }}
           createprofile: true

.github/workflows/veracode-build-artifact-for-scanning.yml

@@ -17,6 +17,14 @@ on:
         type: string
 
 jobs:
+  build:
+    if: ${{ inputs.event_name == 'java-pipeline-scan' || inputs.event_name == 'java-policy-scan' || inputs.event_name == 'java-sandbox-scan' || inputs.event_name == 'unidentified-lang-pipeline-scan' || inputs.event_name == 'unidentified-lang-policy-scan' || inputs.event_name == 'unidentified-lang-sandbox-scan' }}
+    uses: ./.github/workflows/veracode-default-build.yml
+    with:
+      repository: ${{ inputs.repository }}
+      ref: ${{ inputs.ref }}
+      token: ${{ inputs.token }}
+
   build-java-maven:
     if: ${{ inputs.event_name == 'java-maven-pipeline-scan' || inputs.event_name == 'java-maven-policy-scan' || inputs.event_name == 'java-maven-sandbox-scan' }}
     uses: ./.github/workflows/veracode-build-java-cli-maven.yml

.github/workflows/veracode-build-java-cli-gradle.yml

@@ -27,7 +27,7 @@ jobs:
       with:
         java-version: 21
         distribution: oracle
-    - name: Package the appliccation
+    - name: Package the application
       env:
         VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
         VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'

.github/workflows/veracode-build-java-cli-maven.yml

@@ -32,7 +32,7 @@ jobs:
       with:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-    - name: Package the appliccation
+    - name: Package the application
       env:
         VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
         VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'

.github/workflows/veracode-code-analysis.yml

@@ -29,6 +29,10 @@ on:
       - scala-policy-scan
       - dart-pipeline-scan
       - dart-policy-sca
+      - java-pipeline-scan
+      - java-policy-scan
+      - unidentified-lang-pipeline-scan
+      - unidentified-lang-policy-scan
 
 jobs:
   register:

.github/workflows/veracode-default-build.yml

@@ -0,0 +1,58 @@
+name: Veracode Build
+on:
+  workflow_call:
+    inputs:
+      repository:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      token:
+        required: true
+        type: string
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: veracode/scm-packaging:latest
+    env:
+      VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
+      VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        repository: ${{ inputs.repository }}
+        ref: ${{ inputs.ref }}
+        token: ${{ inputs.token }}
+
+    - uses: actions/checkout@v4
+      with:
+        path: 'veracode-helper'
+
+    - name: Package the application
+      id: application_package
+      env:
+        VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
+        VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
+      run: |
+        cd veracode-helper/helper/cli
+        cliFile=$(ls -1 . | head -n 1)
+        cliFileName=$(echo "$cliFile" | cut -c 1-$((${#cliFile}-7)))
+        tar -zxvf $cliFile
+        cd $cliFileName
+        export PATH="veracode-helper/helper/cli/$cliFileName:$PATH"
+        cd /__w/veracode/veracode
+        veracode package --source . --output veracode-artifacts --trust
+        zip veracode-artifact.zip veracode-artifacts/* -x .zip .tar .tar.gz .gz
+
+    - name: Package error
+      if: failure() && steps.application_package.outcome == 'failure'
+      run: |
+        echo "::error::Veracode static scan faced a problem. Please contact your Veracode administrator for more information."
+
+    - uses: actions/upload-artifact@v4
+      with:
+        name: veracode-artifact
+        path: /__w/veracode/veracode/veracode-artifact.zip
+        if-no-files-found: error

.github/workflows/veracode-iac-secrets-scan.yml

@@ -52,7 +52,7 @@ jobs:
           ref: ${{ github.event.client_payload.sha }}
           token: ${{ github.event.client_payload.token }}
       - name: Run Veracode IaC/Secrets Scanning
-        uses: veracode/container_iac_secrets_scanning@v1.0.2
+        uses: veracode/container_iac_secrets_scanning@v1.0.3
         with:
             vid: ${{ secrets.VERACODE_API_ID }}
             vkey: ${{ secrets.VERACODE_API_KEY }}

.github/workflows/veracode-pipeline-scan.yml

@@ -73,7 +73,7 @@ jobs:
       # run the pipeline scan action
       - name: Veracode Pipeline-Scan
         id: pipeline-scan
-        uses: veracode/Veracode-pipeline-scan-action@v1.0.15
+        uses: veracode/Veracode-pipeline-scan-action@v1.0.16
         with:
           vid: ${{ secrets.VERACODE_API_ID }}
           vkey: ${{ secrets.VERACODE_API_KEY }}

.github/workflows/veracode-policy-scan.yml

@@ -70,7 +70,7 @@ jobs:
 
       # run the policy scan action
       - name: Veracode Upload and Scan Action Step
-        uses: veracode/uploadandscan-action@v0.1.4
+        uses: veracode/uploadandscan-action@v0.1.5
         id: upload_and_scan
         with:
           appname: ${{ inputs.profile_name }}

.github/workflows/veracode-sandbox-scan.yml

@@ -18,6 +18,8 @@ on:
       - php-sandbox-scan
       - scala-sandbox-scan
       - dart-sandbox-scan
+      - java-sandbox-scan
+      - unidentified-lang-sandbox-scan
 
 jobs:
   build:
@@ -46,7 +48,7 @@ jobs:
 
       # run the policy scan action
       - name: Veracode Upload and Scan Action Step
-        uses: veracode/uploadandscan-action@v0.1.4
+        uses: veracode/uploadandscan-action@v0.1.5
         id: upload_and_scan
         with:
           appname: ${{ github.event.client_payload.user_config.profile_name }}

.github/workflows/veracode-sca-scan.yml

@@ -9,7 +9,7 @@ concurrency:
 on:
   repository_dispatch:
     types: [veracode-sca-scan]
-    
+
 jobs:
   register:
     uses: ./.github/workflows/veracode-check-run.yml
@@ -22,24 +22,69 @@ jobs:
       github_token: ${{ github.event.client_payload.token }}
       run_id: ${{ github.run_id }}
       branch: ${{ github.event.client_payload.repository.branch }}
-       
+
   veracode-sca-scan:
     needs: [register]
     runs-on: ubuntu-latest
     name: Veracode Component Analysis
+    timeout-minutes: 30
 
     steps:
       - uses: actions/checkout@v4
         with:
           repository: ${{ github.event.client_payload.repository.full_name }}
           ref: ${{ github.event.client_payload.repository.branch }}
           token: ${{ github.event.client_payload.token }}
+      - uses: actions/checkout@v4
+        with:
+          path: 'veracode-helper'
+      - name: Find yarn JS apps using workspaces
+        run: |
+          if [ -f "package.json" ] && [ -f "pnpm-lock.yaml" ] && [ -f "pnpm-workspace.yaml" ]; then
+            echo "- The file package.json, pnpm-lock.yml and pnpm-workspace.yaml exist. This looks like a PNPM workspace project."
+            if grep -q "workspaces" "package.json"; then
+              echo "-- The package.json file contains workspaces - running PNPM lockfile generator"
+          	  node veracode-helper/helper/pnpm-helper.js --folder '/home/runner/work/veracode/veracode' --intRepoPrefix '${{ github.event.client_payload.repository.owner }}' --repoName '${{ github.event.client_payload.repository.name }}'
+            else
+              echo "-- The package.json file does not contain workspace - this will fail - exiting"
+            fi
+          elif [ -f "package.json" ] && [ ! -f "pnpm-lock.yml" ] && [ ! -f "pnpm-workspace.yaml" ]; then
+          	if grep -q "workspaces" "package.json"; then
+          		echo "- The package.json file exists, and it contains 'workspaces'."
+          		if grep -q "yarn" "package.json"; then
+          			echo "-- Yarn was identified on the package.json file"
+          			version=$(grep 'yarn' package.json | grep -oE '[0-9]' | head -n 1)
+          			if [ -z "$version" ]; then
+          				echo "-- The yarn version could not be identified."
+          			else
+          				echo "-- The yarn version is: $version"
+
+          				if [ $version -lt "3" ]; then
+          					echo "---- Running v2 lockfile generator"
+          					node veracode-helper/helper/yarn-lock-file-generator-v2.js --folder /home/runner/work/veracode/veracode
+          				elif [ $version -ge "3" ]; then
+          					echo "---- Running v3 lockfile generator"
+          					node veracode-helper/helper/yarn-lock-file-generator-v3.js --folder /home/runner/work/veracode/veracode
+          				fi
+          			fi
+          		else
+          			echo "- Yarn was not identified on the package.json file"
+              fi
+          	else
+                          echo "- The package.json file exists, but it does not contain 'workspaces'."
+          	fi
+          else
+          	echo "The package.json file does not exist."
+          fi
+          rm -rf veracode-helper
+
       - name: Run Veracode SCA
         env:
           SRCCLR_API_TOKEN: ${{ secrets.VERACODE_AGENT_TOKEN }}
-        uses: veracode/veracode-sca@v2.1.11
+          JAVA_OPTS: -Xms2g -Xmx4g
+        uses: veracode/veracode-sca@v2.1.12
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
-          create-issues: false  
-#           fail-on-cvss: 1
-#           min-cvss-for-issue: 1
+          create-issues: false
+          recursive: true
+          allow-dirty: true