Merge pull request #15 from veracode/adjustPolicyUsage
Adjust policy usage
julz0815 authored Nov 1, 2023
2 parents 8217bb0 + 975f2a5 commit 35aecef
Showing 9 changed files with 14,023 additions and 6,924 deletions.
18 changes: 9 additions & 9 deletions README.md
@@ -37,18 +37,18 @@ The tool will need some information passed to it as parameters (many are optiona
* The build artifact file to upload and scan

* Very Common
* veracode_policy_name
* Name of the Veracode default policy or custom-built policy to apply to the scan results.
* request_policy
* The name of the custom platform policy that will be downloaded. A scan will not happen. This can not be a Veracode builtin policy. The name of the policy file is by convention the name of the policy with spaces replaced by underscores and .json appended.
* DPERECATED, WILL BE REMOVED WITH NEXT VERSION - The name of the custom platform policy that will be downloaded. A scan will not happen. This can not be a Veracode builtin policy. The name of the policy file is by convention the name of the policy with spaces replaced by underscores and .json appended.
* fail_on_severity
* Only fail if flaws of Very High or High severity are found.
* fail_on_cwe
* Also fail if a CWE-80: (XSS) flaw is found. (It is Medium severity and thus would be filtered out by the above option)
* baseline_file:
* Filter the flaws that exist in the specified baseline file and show only the additional flaws in the current scan.
* request_policy
* Specify the name of a Policy on the Veracode platform that will be downlaoded and use to rate pipeline scan findings on
* policy_name
* Name of the Veracode default policy rule to apply to the scan results. You can only use this parameter with a Veracode default policy.
* DPERECATED, WILL BE REMOVED WITH NEXT VERSION - Name of the Veracode default policy rule to apply to the scan results. You can only use this parameter with a Veracode default policy.
* policy_file:
* a previously downloaded policy file that should used to rate the findings
* fail_build:
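Review bot: the new deprecation notices on the `request_policy` and `policy_name` entries misspell the keyword as "DPERECATED"; both should read "DEPRECATED, WILL BE REMOVED WITH NEXT VERSION", since users grep READMEs for exactly that word. While this hunk is open, the unchanged `request_policy` line still says "downlaoded and use to rate" (should be "downloaded and used to rate") and `policy_file` says "that should used" (should be "that should be used"). It would also help to say under `veracode_policy_name` that it supersedes both deprecated inputs, so readers know which single parameter to migrate to.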
@@ -122,7 +122,7 @@ The basic yml
# run the pipeline scan action
- name: pipeline-scan action step
id: pipeline-scan
uses: veracode/Veracode-pipeline-scan-action@v1.0.8
uses: veracode/Veracode-pipeline-scan-action@v1.0.10
with:
vid: ${{ secrets.VID }}
vkey: ${{ secrets.VKEY }}
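Review bot: the example pins the action by the mutable tag `@v1.0.10`, and every sample workflow in this README hands `secrets.VID` and `secrets.VKEY` to that action. Consider showing the full commit SHA of the v1.0.10 release in the `uses:` line (with the tag in a trailing comment, e.g. `uses: veracode/Veracode-pipeline-scan-action@<release commit SHA> # v1.0.10`) so a copy-pasted workflow cannot silently pick up a retagged release with access to those credentials.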
@@ -152,12 +152,12 @@ Rate the findings according to a policy and fail the build
# run the pipeline scan action
- name: pipeline-scan action step
id: pipeline-scan
uses: veracode/Veracode-pipeline-scan-action@v1.0.8
uses: veracode/Veracode-pipeline-scan-action@v1.0.10
with:
vid: ${{ secrets.VID }}
vkey: ${{ secrets.VKEY }}
file: "verademo.war"
request_policy: "VeraDemo Policy"
veracode_policy_name: "VeraDemo Policy"
fail_build: true
```
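Review bot: switching this example from `request_policy` to `veracode_policy_name` matches the deprecation above, but the README entry for `request_policy` still says "A scan will not happen" for that input, so a reader comparing the two could assume the same of the new parameter. A sentence after this example stating that `veracode_policy_name` rates the findings during the scan itself (no separate download step and no `policy_file` needed) would stop people from combining it with the deprecated inputs.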
@@ -184,7 +184,7 @@ Sort out previous findings using a baseline file
# run the pipeline scan action
- name: pipeline-scan action step
id: pipeline-scan
uses: veracode/Veracode-pipeline-scan-action@v1.0.8
uses: veracode/Veracode-pipeline-scan-action@v1.0.10
with:
vid: ${{ secrets.VID }}
vkey: ${{ secrets.VKEY }}
@@ -217,7 +217,7 @@ Sort out previous findings using a baseline file, create a new baseline file and
# run the pipeline scan action
- name: pipeline-scan action step
id: pipeline-scan
uses: veracode/Veracode-pipeline-scan-action@v1.0.8
uses: veracode/Veracode-pipeline-scan-action@v1.0.10
with:
vid: ${{ secrets.VID }}
vkey: ${{ secrets.VKEY }}
8 changes: 5 additions & 3 deletions action.yml
@@ -14,8 +14,10 @@ inputs:
description: 'GITHUB_TOKEN or a repo scoped PAT.'
default: ${{ github.token }}
required: true
veracode_policy_name:
description: 'Name of the Veracode default policy or custom-built policy to apply to the scan results.'
request_policy:
description: 'Name of the security policy to download as a file. Required only if you want to download the configuration for a custom policy defined by your organization. After downloading the policy, you can provide this file in a subsequent command using the policy_file parameter.'
description: 'DPERECATED, WILL BE REMOVED WITH NEXT VERSION - Name of the security policy to download as a file. Required only if you want to download the configuration for a custom policy defined by your organization. After downloading the policy, you can provide this file in a subsequent command using the policy_file parameter.'
required: false
fail_on_severity:
description: 'Fail the pipeline job if the scan finds flaws of the specified severities. Enter a comma-separated list of severities in quotation marks.'
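Review bot: the new `veracode_policy_name` input is the only input in this hunk without a `required:` key (`github_token` above it and `request_policy` below it both declare one); add `required: false` so the metadata stays consistent and validators of `action.yml` do not flag it. The `request_policy` description also carries the "DPERECATED" misspelling and should say "DEPRECATED". Since `veracode_policy_name` now overlaps with the deprecated `request_policy`, the description should state which input takes effect when both are set.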
@@ -27,10 +29,10 @@ inputs:
description: 'Filter the flaws that exist in the specified baseline file and show only the additional flaws in the current scan.'
required: false
policy_name:
description: 'Name of the Veracode default policy rule to apply to the scan results. You can only use this parameter with a Veracode default policy.'
description: 'DPERECATED, WILL BE REMOVED WITH NEXT VERSION - Name of the Veracode default policy rule to apply to the scan results. You can only use this parameter with a Veracode default policy.'
required: false
policy_file:
description: 'Name of the local policy file you want to apply to the scan results. To download this file, use the --request_policy parameter.'
description: 'Name of the local policy file you want to apply to the scan results.'
required: false
timeout:
description: 'Amount of time, in minutes, for the Pipeline Scan to wait before reporting an unsuccessful scan if the scan does not complete. Default is 60 minutes, which is also the maximum value.'
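Review bot: the `policy_name` description needs the same spelling fix ("DEPRECATED", not "DPERECATED"). Dropping the `--request_policy` pointer from the `policy_file` description leaves users with no hint of where a local policy file comes from; since `request_policy` is still accepted in this version, either keep that pointer until the input is actually removed, or name `veracode_policy_name` as the replacement that makes a local file unnecessary.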