forked from veracode/github-actions-integration
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathveracode.yml
96 lines (94 loc) · 4.5 KB
/
veracode.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#veracode_static_scan:
# push:
# trigger: false # Disabled triggering the scan by pushing changes
# # Please only specify either branches_to_run or branches_to_exclude
# # Entering both will only execute branches_to_run
# # Leaving them both blank means this will never run
# branches_to_run:
# - '*'
# branches_to_exclude:
# pull_request:
# trigger: true
# action:
# - closed
# target_branch:
# - default_branch
# If the analysis_on_platform is set to true,
# Veracode will save your last scan result, on the default branch, as an application profile with the same name as your scanned repository on the Veracode platform.
# If the analysis_on_platform is set to false, scan results will not be saved to the Veracode platform.
# analysis_on_platform: true
# If break_build_policy_findings is set to true, the build will break when findings violate the policy.
# break_build_policy_findings: true
# If break_build_invalid_policy is set to true, the build will break when the policy name is invalid.
# break_build_invalid_policy: true
# If the break_build_on_error is set to true, the build will break if the scan failed to complete in time or with an error and the error_message will be displayed.
# break_build_on_error: false
# error_message: "Veracode static scan faced a problem. Please contact your Veracode administrator for more information."
# Default policy to be used if a policy isn't already assigned to the application profile.
# policy: 'Veracode Recommended High'
# If the create_code_scanning_alert is set to true, GitHub security code scanning vulnerability alerts will be created for static findings.
# create_code_scanning_alert: false
# If the create_issue is set to true, GitHub Issues will be created for static findings.
# create_issue: false
# If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
# Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
# issues:
# trigger: false
# commands:
# - "Veracode Static Scan"
# Disable SCA Scan
# veracode_sca_scan:
# push:
# trigger: true
# # Please only specify either branches_to_run or branches_to_exclude
# # Entering both will only execute branches_to_run
# # Leaving them both blank means this will never run
# branches_to_run:
# - '*'
# branches_to_exclude:
# pull_request:
# trigger: true
# action:
# - opened
# - synchronize
# target_branch:
# - default_branch
# # If the break_build_on_error is set to true, the build will break if the scan failed to complete or with an error, no libraries were found,
# # or no build system was found and the error_message will be displayed.
# break_build_on_error: true
# error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information."
# # If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
# # Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
# issues:
# trigger: false
# commands:
# - "Veracode SCA Scan"
# Disable IAC Scan
# veracode_iac_secrets_scan:
# push:
# trigger: true
# # Please only specify either branches_to_run or branches_to_exclude
# # Entering both will only execute branches_to_run
# # Leaving them both blank means this will never run
# branches_to_run:
# - '*'
# branches_to_exclude:
# pull_request:
# trigger: true
# action:
# - opened
# - synchronize
# target_branch:
# - default_branch
# # If break_build_policy_findings is set to true, the build will break when findings violate the policy.
# break_build_policy_findings: true
# # If the break_build_on_error is set to true, the build will break if the scan failed to complete or with an error, no libraries were found,
# # or no build system was found and the error_message will be displayed.
# break_build_on_error: true
# error_message: "Veracode IAC secrets scan faced a problem. Please contact your Veracode administrator for more information."
# # If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
# # Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
# issues:
# trigger: false
# commands:
# - "Veracode IAC Scan"