NodeGoat/.github/workflows/action-test.yml at master · buzzcode/NodeGoat · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# test of pipeline scan and Issue importer

name: Pipeline scan and Issue importer

#on: [push, pull_request, workflow_dispatch]
on: gollum          # sort of a dummy to prevent this from running

jobs:
  package:
    runs-on: ubuntu-latest
    steps:
      - name: checkout code
        uses: actions/checkout@v2
        with:
          path: nodegoat

      - name: package (zip)
        run: zip -r upload.zip nodegoat -x *node_modules/* *.git/*

      - name: save archive
        uses: actions/upload-artifact@v2
        with:
          name: scan-target
          path: upload.zip

  pipeline-scan:
    needs: package
    runs-on: ubuntu-latest
    container:
      image: veracode/pipeline-scan:latest
      options: --user root
    steps:
      - name: get archive
        uses: actions/download-artifact@v2
        with:
          name: scan-target
          path: /tmp

      - name: debug1
        run: |
          pwd
          ls -l
          ls -l /tmp

      - name: scan
        run: |
          java -jar /opt/veracode/pipeline-scan.jar \
              -vid ${{ secrets.VERACODE_API_ID }}   \
              -vkey ${{ secrets.VERACODE_API_KEY }} \
              --file /tmp/upload.zip                \
              --fail_on_severity="Very High,High"   \
        continue-on-error: true

      - name: debug2
        run: |
          pwd
          ls -l
          ls -l /tmp

      - name: save filtered results file
        uses: actions/upload-artifact@v2
        with:
          name: filtered-results
          path: filtered_results.json

  import-pipeline-issues:
    needs: pipeline-scan
    runs-on: ubuntu-latest
    steps:
      - name: get scan results
        uses: actions/download-artifact@v2
        with:
          name: filtered-results

      - name: debug1
        run: |
          pwd
          ls -l
          ls -l /tmp

      - name: import flaws as issues
        uses: buzzcode/veracode-flaws-to-issues@main
        with:
          pipeline-results-json: 'filtered_results.json'
          github-token: ${{ secrets.GITHUB_TOKEN }}