SCA Verademo Maven Build [Single Job] #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SCA Verademo Maven Build [Single Job] | |
on: | |
workflow_dispatch: | |
env: | |
SRCCLR_API_TOKEN: ${{secrets.SRCCLR_API_TOKEN}} | |
# SRCCLR_SCM_URI: https://github.com/bnreplah/verademo | |
SRCCLR_SCM_SUB_PATH: /app | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
# grants permissions for the artifact to be uploaded | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can acces it and clones the repo | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'adopt' | |
- name: Build with Maven | |
run: | | |
pwd | |
cd app/ | |
mvn -B clean package --file pom.xml | |
ls target/ | |
- name: Upload a Build Artifact | |
uses: actions/upload-artifact@latest | |
with: | |
# Artifact name | |
name: verademo-artifact | |
# optional, default is artifact | |
# A file, directory or wildcard pattern that describes what to upload | |
path: app/target/verademo.war | |
# The desired behavior if no files are found using the provided path. | |
if-no-files-found: error | |
# - name: Veracode Dependency Scanning | |
# run: | | |
# ls | |
# curl -sSL https://download.sourceclear.com/ci.sh | sh -s scan app/ --allow-dirty --debug | |
- name: Veracode Dependency Scanning | |
# You may pin to the exact commit or the version. | |
# uses: veracode/veracode-sca@d8ce4a08eebf1a6c5e7759c1dc53c1172a3e7e64 | |
uses: veracode/veracode-sca@latest | |
with: | |
# Authorization token to query and create issues | |
github_token: ${{ secrets.GH_TOKEN }} | |
# | |
quick: false # optional, default is false | |
# Show update advisor | |
update_advisor: true # optional, default is false | |
# A git URL to work with in case the scan is not for the current repository | |
#url: https://github.com/bnreplah/verademo # optional, default is | |
# The minimum CVSS value for vulnerability to be added as an issue | |
#min-cvss-for-issue: # optional, default is 0 | |
# The maximum allowed cvss in found vulnerabilities to pass the step | |
#fail-on-cvss: # optional, default is 10 | |
# An attribute to instruct the action to create an issue from found vulnerability or just simple text output | |
create-issues: true # optional, default is false | |
# A path within the repository where the build definition starts | |
path: app/ # optional, default is . | |
# Run the SRCCLR in debug mode | |
debug: true # optional, default is false | |
# Run the SRCCLR with the `--skip-collectors` options | |
#skip-collectors: # optional, default is false | |
# Run the SRCCLR with the `--allow-dirty` option | |
allow-dirty: true # optional, default is false | |
# Run the SRCCLR with the `--recursive` option | |
#recursive: # optional, default is false | |