-
Notifications
You must be signed in to change notification settings - Fork 2
45 lines (36 loc) · 1.16 KB
/
veracode-scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
name: Veracode scan
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
schedule:
- cron: '0 13 * * 6'
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup .NET
uses: actions/setup-dotnet@v2
with:
dotnet-version: 6.0.x
- name: Restore dependencies
run: dotnet restore --ignore-failed-sources
- name: Publish solution
run: dotnet publish src/Laserfiche.Repository.Api.Client.csproj --no-restore
- name: Veracode Upload And Scan (Static Application Security Testing)
uses: veracode/[email protected]
with:
appname: 'lf-repository-api-client-dotnet'
createprofile: true
filepath: 'src/bin/Debug/netstandard2.0'
vid: '${{ secrets.VERACODE_API_ID }}'
vkey: '${{ secrets.VERACODE_API_KEY }}'
- name: Run Veracode Software Composition Analysis (SCA)
env:
SRCCLR_API_TOKEN: ${{ secrets.SRCCLR_API_TOKEN }}
uses: veracode/[email protected]
with:
create-issues: false
allow-dirty: true
recursive: true