├── .github └── workflows │ ├── main.yml │ └── policyscan.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── SECURITY.md ├── action.yml ├── binaries_to_upload ├── hello.jar └── hello2.jar └── entrypoint.sh
/.github/workflows/main.yml:
--------------------------------------------------------------------------------
# This is a basic workflow to help you get started with Actions
# Self-test of the action in this repository: builds nothing, uploads the two
# sample jars under binaries_to_upload/ and runs the action from `./`.

name: CI

# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the master branch
# NOTE(review): pull_request runs opened from forks do not receive repository
# secrets, so VERACODE_API_ID / VERACODE_API_KEY are empty there and the scan
# step fails entrypoint.sh's required-parameter check — confirm whether fork
# PRs are expected to scan.
on:
  workflow_dispatch:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      # Third-party actions are referenced by mutable tags (@v3, @v2); pinning to a
      # full commit SHA keeps the step's code fixed for supply-chain review.
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v2
        with:
          distribution: 'adopt'
          java-version: '8'
      # Publishes the jars as a run artifact; the scan step below reads them from
      # the checked-out workspace path, not from this artifact.
      - uses: actions/upload-artifact@v3
        with:
          path: binaries_to_upload/*.jar
      - name: Veracode Upload and Scan Action Step
        uses: ./ # Uses an action in the root directory
        id: upload_and_scan
        with:
          appname: '${{ github.repository }}'
          version: '${{ github.run_id }}'
          filepath: 'binaries_to_upload/*.jar'
          # Credentials come from repository secrets; entrypoint.sh logs them as ***.
          vid: '${{ secrets.VERACODE_API_ID }}'
          vkey: '${{ secrets.VERACODE_API_KEY }}'
          createsandbox: true
          sandboxname: 'Github - ${{ github.ref }}'
          scantimeout: 15
          criticality: 'VeryHigh'
          createprofile: false
--------------------------------------------------------------------------------
/.github/workflows/policyscan.yml:
--------------------------------------------------------------------------------
# This is a basic workflow to help you get started with Actions
# Zips the source files of the checked-out repository and sends the archive to
# Veracode for a policy scan using the published action.

name: Veracode Policy Scan

# Controls when the action will run. This workflow is only started manually
# (workflow_dispatch); no push or pull_request trigger is configured.
on:
  workflow_dispatch:

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  # This workflow contains a single job called "build"
  build-and-policy-scan:
    # The type of runner that the job will run on
    runs-on: ubuntu-latest

    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v3
      - uses: actions/setup-java@v2 # Make java accessible on path so the uploadandscan action can run.
        with:
          distribution: 'adopt'
          java-version: '8'

      # zip the project and move it to a staging directory
      # NOTE(review): `zip -R` recurses from the checkout root, so presumably every
      # file matching one of these patterns anywhere in the tree (vendored
      # dependencies included) ends up in the upload — confirm that is intended.
      # The `build-name` env var set here is not referenced anywhere on this page.
      - name: Zip Project
        run: zip -R project.zip '*.py' '*.html' '*.htm' '*.js' '*.php' 'requirements.txt' '*.json' '*.lock' '*.ts' '*.pl' '*.pm' '*.plx' '*.pl5' '*.cgi' '*.go' '*.sum' '*.mod'
        env:
          build-name: project.zip
      # Stores project.zip as a downloadable run artifact. The scan step below reads
      # project.zip from the workspace, which GitHub mounts into the action container;
      # it does not consume this artifact.
      - uses: actions/upload-artifact@v3
        with:
          path: project.zip # Wildcards can be used to filter the files copied into the container. See: https://github.com/actions/upload-artifact
      # NOTE(review): @master follows a moving branch, so the action code can change
      # between runs without any change to this workflow; pin a release tag or a
      # full commit SHA instead.
      - uses: veracode/veracode-uploadandscan-action@master # Run the uploadandscan action. Inputs are described above.
        with:
          appname: '${{ github.repository }}'
          version: '${{ github.run_id }}'
          filepath: 'project.zip'
          vid: '${{ secrets.VERACODE_API_ID }}'
          vkey: '${{ secrets.VERACODE_API_KEY }}'
          scantimeout: 15
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
.DS_Store
# Generated by entrypoint.sh at run time. runJava.sh carries the -vid/-vkey values
# inline, which is why it must stay ignored.
runJava.sh
VeracodeJavaAPI.jar
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
# Container image that runs your code
# NOTE(review): `latest` is a floating tag, so the JDK and its base OS can change
# underneath the action between builds; pin a version tag or image digest. The
# official `openjdk` image is also marked deprecated upstream — confirm before
# continuing to rely on it.
FROM openjdk:latest

#RUN yum install curl
# entrypoint.sh calls curl to fetch the wrapper jar, so the base image must ship it.

# Copies your code file from your action repository to the filesystem path `/` of the container
COPY entrypoint.sh /entrypoint.sh

# Code file to execute when the docker container starts up (`entrypoint.sh`)
ENTRYPOINT ["/entrypoint.sh"]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2019 GitHub Actions

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Veracode Upload And Scan Action 2 | 3 | This action runs the Veracode Java Wrapper's 'upload and scan' action. 4 | 5 | ## Inputs 6 | 7 | ### `appname` 8 | 9 | **Required:** STRING - The application name. 10 | 11 | **Default:** '${{ github.repository }}' 12 | 13 | ### `createprofile` 14 | 15 | **Required:** BOOLEAN - True to create a new application profile. 16 | 17 | **Default:** true 18 | 19 | ### `filepath` 20 | 21 | **Required:** STRING - Filepath or folderpath of the file or directory to upload. (If the last character is a backslash it needs to be escaped: \\\\). 22 | 23 | ### `version` 24 | 25 | **Required:** STRING - The name or version number of the new build. 26 | 27 | **Default:** 'Scan from Github job: ${{ github.run_id }}' 28 | 29 | ### `vid` 30 | 31 | **Required:** Veracode API ID. 32 | 33 | ### `vkey` 34 | 35 | **Required:** Veracode API key. 36 | 37 | ## Optional Inputs 38 | 39 | ### `createsandbox` 40 | 41 | **Optional** BOOLEAN - Set 'true' if the sandbox should be created on the Veracode platform 42 | 43 | ### `sandboxname` 44 | 45 | **Optional** STRING - The sandboxname inside the application profile name 46 | 47 | ### `scantimeout` 48 | 49 | **Optional** INTEGER - Number of minutes how long the action is waiting for the scan to complete. 
Use this to introduce break build functionality 50 | 51 | ### `exclude` 52 | 53 | **Optional** STRING - Exclude modules from modules selection / scanning. Case-sensitive, comma-separated list of module name patterns that represent the names of modules to not scan as top-level modules. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. 54 | 55 | ### `include` 56 | 57 | **Optional** STRING - Include modules in modules selection / scanning. Case-sensitive, comma-separated list of module name patterns that represent the names of modules to scan as top-level modules. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. 58 | 59 | ### `includenewmodules` 60 | 61 | **Optional** BOOLEAN - If scanallnonfataltoplevelmodules are true, set this parameter to true to automatically select all new top-level modules for inclusion in the scan. By default, the scan only includes previously selected modules. 62 | 63 | ### `criticality` 64 | 65 | **Optional** STRING - Set the business criticality, automatically choosing the corresponding policy to rate findings. Options: VeryHigh, High, Medium, Low, VeryLow 66 | 67 | ### `pattern` 68 | 69 | **Optional** STRING - Case-sensitive filename pattern that represents the names of uploaded files to save with a different name. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. Each wildcard corresponds to a numbered group that you can reference in the replacement pattern. 70 | 71 | ### `replacement` 72 | 73 | **Optional** STRING - Replacement pattern that references groups captured by the filename pattern. For example, if the filename pattern is --SNAPSHOT.war and the replacement pattern is $1-master-SNAPSHOT.war, an uploaded file named app-branch-SNAPSHOT.war is saved as app-master-SNAPSHOT.war. 74 | 75 | ### `sandboxid` 76 | 77 | **Optional** INTEGER - ID of the sandbox in which to run the scan. 
78 | 79 | ### `scanallnonfataltoplevelmodules` 80 | 81 | **Optional** BOOLEAN - If this parameter is not set, the default is false. When set to true, if the application has more than one module, and at least one of the top-level modules does not have any fatal prescan errors, it starts the scan for those modules after prescan is complete. 82 | 83 | ### `selected` 84 | 85 | **Optional** BOOLEAN - Set this parameter to true to scan the modules currently selected in the Veracode Platform. 86 | 87 | ### `selectedpreviously` 88 | 89 | **Optional** BOOLEAN - Set to true to scan only the modules selected in the previous scan. 90 | 91 | ### `teams` 92 | 93 | **Optional** STRING - Required if you are creating a new application in the Veracode Platform. Comma-separated list of team names associated with the specified application. 94 | 95 | ### `toplevel` 96 | 97 | **Optional** BOOLEAN - When set to true, Veracode only scans the top-level modules in your files. 98 | Veracode recommends that you use the toplevel parameter if you want to ensure the scan completes even though there are non-fatal errors, such as unsupported frameworks. 99 | 100 | ### `deleteincompletescan` 101 | 102 | **In Java API Wrapper version >=22.5.10.0 this parameter has changed to an Integer. One of these values:** 103 | 104 | * 0: do not delete an incomplete scan when running the uploadandscan action. The default. If set, you must delete an incomplete scan manually to proceed with the uploadandscan action. 105 | * 1: delete a scan with a status of incomplete, no modules defined, failed, or canceled to proceed with the uploadandscan action. If errors occur when running this action, the Java wrapper automatically deletes the incomplete scan. 106 | * 2: delete a scan of any status except Results Ready to proceed with the uploadandscan action. If errors occur when running this action, the Java wrapper automatically deletes the incomplete scan. 

**Optional** With the scan deleted automatically, you can create subsequent scans without having to manually delete an incomplete scan.

### `scanpollinginterval`

**Optional** INTEGER - Interval, in seconds, to poll for the status of a running scan. Value range is 30 to 120 (two minutes). Default is 120.


### `javawrapperversion`

**Optional** STRING - Allows specifying the version of the Java API Wrapper used by the script to call the Veracode APIs. The default is to use the latest released version of the Veracode Java API Wrapper, as [published in Maven Central](https://search.maven.org/search?q=a:vosp-api-wrappers-java). An example of the version string format is `22.5.10.1`.

### `debug`

**Optional** BOOLEAN - Set to true to show detailed diagnostic information, which you can use for debugging, in the output.

### `maxretrycount`

**Optional** INTEGER - Number of times to retry the last request during certain error conditions or when a request times out. Value range is 1 to 5. Default is 5.

## Examples

### General Usage

The following example will compile and build a Java web application (.war file) from the main branch of the source code repository using Maven. The compiled .war file is then uploaded to Veracode and a static analysis scan is run.

The Veracode credentials are read from GitHub secrets. NEVER STORE YOUR SECRETS IN THE REPOSITORY.
134 | 135 | ```yaml 136 | name: Veracode Static Analysis Demo 137 | on: workflow_dispatch 138 | 139 | jobs: 140 | static_analysis: 141 | name: Static Analysis 142 | runs-on: ubuntu-latest 143 | 144 | steps: 145 | - name: Check out main branch 146 | uses: actions/checkout@v2 147 | 148 | - name: Build with Maven # Compiling the .war binary from the checked out repo source code to upload to the scanner in the next step 149 | run: mvn -B package --file app/pom.xml 150 | 151 | - name: Veracode Upload And Scan 152 | uses: veracode/veracode-uploadandscan-action@0.2.6 153 | with: 154 | appname: 'VeraDemo' 155 | createprofile: false 156 | filepath: 'app/target/verademo.war' 157 | vid: '${{ secrets.API_ID }}' 158 | vkey: '${{ secrets.API_KEY }}' 159 | # createsandbox: 'true' 160 | # sandboxname: 'SANDBOXNAME' 161 | # scantimeout: 0 162 | # exclude: '*.js' 163 | # include: '*.war' 164 | # criticality: 'VeryHigh' 165 | ``` 166 | 167 | ### Using This Action With a Mac Runner 168 | 169 | Docker is not installed on Mac runners by default, and [installing it can be time consuming](https://github.com/actions/runner/issues/1456). As an alternative, we suggest breaking the build and upload for languages that require a Mac runner to build (like iOS) into separate jobs. 
An example workflow is below: 170 | 171 | ```yaml 172 | jobs: 173 | build: 174 | name: Build 175 | runs-on: macos-12 176 | 177 | steps: 178 | - name: checkout 179 | uses: actions/checkout@v2 180 | 181 | # SNIP: steps to build an iOS application 182 | 183 | - uses: actions/upload-artifact@v3 184 | with: 185 | path: path/to/iOSApplication.zip 186 | scan: 187 | name: Scan 188 | runs-on: ubuntu-latest 189 | needs: build 190 | steps: 191 | - uses: actions/download-artifact@v3 192 | with: 193 | path: iOSApplication.zip 194 | 195 | - name: Upload & Scan 196 | uses: veracode/veracode-uploadandscan-action@0.2.6 197 | with: 198 | appname: 'MyTestApp' 199 | filepath: 'iOSApplication.zip' 200 | vid: 'FakeID' 201 | vkey: 'FakeKey' 202 | ``` 203 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Our Commitment to Security 2 | 3 | Veracode was founded on the idea that companies should be able to access technology that allows them to scan their software for vulnerabilities so that they can identify them, fix them and improve their security. Since that time, we have created new technologies and services to enable our customers to scan for flaws in along the entire software development lifecycle, seeing results in seconds or minutes, to allow them to code securely while also remaining on schedule with continuous release cycles. 4 | 5 | Veracode envisions a world where the software fueling our economic growth and solving society's greatest challenges is developed secure from the start. 6 | 7 | We value transparency in the security industry and openness with sharing information that could improve security for every organization. Veracode is committed to engaging the research community in a professional, positive and agreeable manner that protects our company and our customers. 
8 | 9 | As such, we encourage and welcome anyone who believes he or she has identified a vulnerability to contact us with security concerns or pertinent information to the integrity, functionality or confidentiality of our software. 10 | 11 | The terms below apply to any website, application or service distributed by or hosted by Veracode, Inc. 12 | 13 | Please use the email address [**security-alerts@veracode.com**](mailto:security-alerts@veracode.com?subject=Responsible%20Disclosure%20Notice&body=URL(s)/Application(s)%20Impacted:%0A%0ASuspected%20Vulnerability%20Details:%0A%0ADescription%20of%20how%20the%20Vulnerability%20was%20found:%0A%0AContact%20Information:%0A%0AAny%20other%20relevant%20information:%0A%0A) to alert us to: 14 | 15 | - Vulnerabilities or breaches in our software or environments which threaten the confidentiality, integrity or availability of our data, software, or services, or our customers’ data 16 | - Applications that mimic, mislabel, misdirect, or "copycat" Veracode, or phishing attacks even if they do not originate from Veracode sources 17 | - Written or verbal discussion, activities, or data in any public forum which you believe constitutes a threat to Veracode, our employees or our customers 18 | 19 | For more, please refer to our [**Responsible Disclosure Policy**](https://www.veracode.com/legal-privacy/responsible-disclosure-policy) 20 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: 'Veracode Upload And Scan' 2 | description: 'Upload files to veracode and start a static scan.' 
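inputs:
  # Required inputs. entrypoint.sh exits 1 when any of them is empty.
  appname: # id of input
    description: 'appname'
    required: true
    default: '${{ github.repository }}'
  createprofile: # id of input
    description: 'createprofile'
    required: true
    default: true
  filepath: # id of input
    description: 'filepath'
    required: true
  version: # id of input
    description: 'version'
    required: true
    # README.md documents a shorter default ('Scan from Github job: ${{ github.run_id }}'); this is the one that applies.
    default: 'Scan from Github job: ${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}'
  vid: # id of input
    description: 'vid'
    required: true
  vkey: # id of input
    description: 'vkey'
    required: true
  # Optional inputs. entrypoint.sh forwards each one to the Java wrapper only when it is non-empty.
  createsandbox:
    description: 'true or false'
    required: false
  sandboxname:
    description: 'name of the sandbox'
    required: false
  scantimeout:
    description: 'wait X minutes for the scan to complete'
    required: false
  exclude:
    description: 'modules to exclude from module selection'
    required: false
  include:
    description: 'modules to include in module selection'
    required: false
  criticality:
    description: 'business criticality - policy selection'
    required: false
  pattern:
    description: 'filename pattern'
    required: false
  replacement:
    description: 'replacement'
    required: false
  sandboxid:
    description: 'specify to scan in a sandbox'
    required: false
  scanallnonfataltoplevelmodules:
    description: 'All top level modules'
    required: false
  selected:
    description: 'platform selected modules'
    required: false
  selectedpreviously:
    description: 'selected modules like from previous scan'
    required: false
  teams:
    description: 'teams'
    required: false
  toplevel:
    # Was a copy of the `teams` description; wording taken from README.md.
    description: 'scan only the top-level modules'
    required: false
  deleteincompletescan:
    # Integer since Java API Wrapper 22.5.10.0 (see README.md): 0 = never delete (default), 1 = delete incomplete/failed/canceled scans, 2 = delete any scan except Results Ready.
    description: 'automatically delete the current scan if there are any errors when uploading files or starting the scan'
    required: false
  scanpollinginterval:
    description: 'Interval, in seconds, to poll for the status of a running scan. Value range is 30 to 120 (two minutes). Default is 120.'
    required: false
  javawrapperversion:
    description: 'specify version of the Java API Wrapper; default is latest'
    required: false
  debug:
    description: 'show detailed diagnostic information, which you can use for debugging, in the output.'
    required: false
  includenewmodules:
    description: 'automatically select all new top-level modules for inclusion in the scan'
    required: false
  maxretrycount:
    description: 'Number of times to retry the last request during certain error conditions or when a request times out. Value range is 1 to 5.'
    required: false
    default: 5


# outputs:
#   time: # id of output
#     description: 'The time we greeted you'
runs:
  using: 'docker'
  image: 'Dockerfile'
  # Positional arguments: the order here MUST match the $1 .. ${26} assignments at the top of entrypoint.sh.
  args:
    - ${{ inputs.appname }}
    - ${{ inputs.createprofile }}
    - ${{ inputs.filepath }}
    - ${{ inputs.version }}
    - ${{ inputs.vid }}
    - ${{ inputs.vkey }}
    - ${{ inputs.createsandbox }}
    - ${{ inputs.sandboxname }}
    - ${{ inputs.scantimeout }}
    - ${{ inputs.exclude }}
    - ${{ inputs.include }}
    - ${{ inputs.criticality }}
    - ${{ inputs.pattern }}
    - ${{ inputs.replacement }}
    - ${{ inputs.sandboxid }}
    - ${{ inputs.scanallnonfataltoplevelmodules }}
    - ${{ inputs.selected }}
    - ${{ inputs.selectedpreviously }}
    - ${{ inputs.teams }}
    - ${{ inputs.toplevel }}
    - ${{ inputs.deleteincompletescan }}
    - ${{ inputs.scanpollinginterval }}
    - ${{ inputs.javawrapperversion }}
    - ${{ inputs.debug }}
    - ${{ inputs.includenewmodules }}
    - ${{ inputs.maxretrycount }}
--------------------------------------------------------------------------------
/binaries_to_upload/hello.jar: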
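--------------------------------------------------------------------------------
https://raw.githubusercontent.com/veracode/veracode-uploadandscan-action/f7e1fbf02c5c899fba9f12e3f537b62f2f1230e1/binaries_to_upload/hello.jar
--------------------------------------------------------------------------------
/binaries_to_upload/hello2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/veracode/veracode-uploadandscan-action/f7e1fbf02c5c899fba9f12e3f537b62f2f1230e1/binaries_to_upload/hello2.jar
--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
#!/bin/sh -l
#
# Entry point of the Veracode Upload And Scan action.
#
# Receives the 26 positional arguments listed under `runs.args` in action.yml (the
# assignments below must stay in that order), writes a runJava.sh that invokes the
# Veracode Java API wrapper's "uploadandscan" action with the matching flags,
# downloads the wrapper jar from Maven Central and executes runJava.sh.
#
# Exits 1 when a required parameter is empty, when mutually exclusive parameters
# are combined, or when the wrapper jar cannot be fetched or verified; otherwise
# the exit status is that of the generated runJava.sh.

#required parameters
appname=$1
createprofile=$2
filepath=$3
version=$4
vid=$5
vkey=$6

#optional parameters
createsandbox=$7
sandboxname=$8
scantimeout=$9
exclude=${10}
include=${11}
criticality=${12}

pattern=${13}
replacement=${14}
sandboxid=${15}
scanallnonfataltoplevelmodules=${16}
selected=${17}
selectedpreviously=${18}
teams=${19}
toplevel=${20}
deleteincompletescan=${21}
scanpollinginterval=${22}
javawrapperversion=${23}
debug=${24}
includenewmodules=${25}
maxretrycount=${26}

# Files generated in the working directory (both are listed in .gitignore).
script=runJava.sh
wrapper_jar=VeracodeJavaAPI.jar
maven_base="https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java"

# fail MESSAGE: report an error on stderr and stop the action.
fail() {
    echo "ERROR: $1" >&2
    exit 1
}

# add_flag NAME VALUE: append `-NAME "VALUE" \` to the generated script when VALUE
# is non-empty; unset optional inputs are simply not forwarded to the wrapper.
add_flag() {
    if [ -n "$2" ]
    then
        echo "    -$1 \"$2\" \\" >> "$script"
    fi
}

# show_masked LABEL VALUE: log whether a credential was supplied without logging it.
show_masked() {
    if [ -n "$2" ]
    then
        echo "$1: ***"
    else
        echo "$1:"
    fi
}

echo "Required Information"
echo "===================="
echo "appname: $appname"
echo "createprofile: $createprofile"
echo "filepath: $filepath"
echo "version: $version"
show_masked vid "$vid"
show_masked vkey "$vkey"
echo ""
echo "Optional Information"
echo "===================="
echo "createsandbox: $createsandbox"
echo "sandboxname: $sandboxname"
echo "scantimeout: $scantimeout"
echo "exclude: $exclude"
echo "include: $include"
echo "criticality: $criticality"
echo "pattern: $pattern"
echo "replacement: $replacement"
echo "sandboxid: $sandboxid"
echo "scanallnonfataltoplevelmodules: $scanallnonfataltoplevelmodules"
echo "selected: $selected"
echo "selectedpreviously: $selectedpreviously"
echo "teams: $teams"
echo "toplevel: $toplevel"
echo "deleteincompletescan: $deleteincompletescan"
echo "scanpollinginterval: $scanpollinginterval"
echo "javawrapperversion: $javawrapperversion"
echo "debug: $debug"
echo "includenewmodules: $includenewmodules"
echo "maxretrycount: $maxretrycount"


#Check if required parameters are set
if [ -z "$appname" ] || [ -z "$createprofile" ] || [ -z "$filepath" ] || [ -z "$version" ] || [ -z "$vid" ] || [ -z "$vkey" ]
then
    echo "Missing required parameter. Please check that all required parameters are set" >&2
    exit 1
fi

#Reject mutually exclusive inputs before anything is written to disk
if [ -n "$sandboxname" ] && [ -n "$sandboxid" ]
then
    fail "sandboxname cannot go together with sandboxid"
fi
if [ -n "$pattern" ] && [ -z "$replacement" ]
then
    fail "pattern always need the replacement parameter as well"
fi
if [ -n "$replacement" ] && [ -z "$pattern" ]
then
    fail "replacement always need the pattern parameter as well"
fi
if [ -n "$exclude" ] && { [ -n "$selectedpreviously" ] || [ -n "$toplevel" ] || [ -n "$selected" ]; }
then
    fail "exclude cannot go together with selectedpreviously, toplevel, selected"
fi
if [ -n "$include" ] && { [ -n "$selectedpreviously" ] || [ -n "$toplevel" ] || [ -n "$selected" ]; }
then
    fail "include cannot go together with selectedpreviously, toplevel, selected"
fi
if [ -n "$selected" ] && { [ -n "$selectedpreviously" ] || [ -n "$toplevel" ] || [ -n "$scanallnonfataltoplevelmodules" ] || [ -n "$exclude" ] || [ -n "$include" ]; }
then
    fail "selected cannot go together with selectedpreviously, toplevel, scanallnonfataltoplevelmodules, exclude, include"
fi
if [ -n "$selectedpreviously" ] && { [ -n "$selected" ] || [ -n "$toplevel" ] || [ -n "$scanallnonfataltoplevelmodules" ] || [ -n "$exclude" ] || [ -n "$include" ]; }
then
    fail "selectedpreviously cannot go together with selected, toplevel, scanallnonfataltoplevelmodules, exclude, include"
fi
if [ -n "$toplevel" ] && { [ -n "$selected" ] || [ -n "$selectedpreviously" ] || [ -n "$scanallnonfataltoplevelmodules" ] || [ -n "$exclude" ] || [ -n "$include" ]; }
then
    fail "toplevel cannot go together with selected, selectedpreviously, scanallnonfataltoplevelmodules, exclude, include"
fi

#Resolve the wrapper version first, so a Maven failure leaves no half-written script
if [ -z "$javawrapperversion" ]
then
    #fetch latest wrapper version from Maven
    # -f turns an HTTP error into a failed pipeline (an error page would otherwise
    # be grepped and yield an empty version).
    javawrapperversion=$(curl -fsS "$maven_base/maven-metadata.xml" | grep latest | cut -d '>' -f 2 | cut -d '<' -f 1)
    if [ -z "$javawrapperversion" ]
    then
        fail "could not determine the latest Java API Wrapper version from Maven Central"
    fi
fi

echo "javawrapperversion: $javawrapperversion"

#required wrapper command
# $filepath is deliberately left unquoted, as it always was, so that a glob such as
# binaries_to_upload/*.jar (see .github/workflows/main.yml) expands when runJava.sh
# runs; the consequence is that a path containing whitespace is split into words.
echo "#!/bin/sh -l" > "$script"
echo "java -jar $wrapper_jar \\
    -filepath $filepath \\
    -version \"$version\" \\
    -action \"uploadandscan\" \\
    -appname \"$appname\" \\
    -vid \"$vid\" \\
    -vkey \"$vkey\" \\" >> "$script"

#create additional commands on optional input
# POSIX `test` has no `==` (dash reports "unexpected operator" and the flag was
# never written); `=` behaves the same in bash and dash. Only the literal strings
# true/false are forwarded; any other value is ignored, as before.
if [ "$createsandbox" = true ]
then
    echo "    -createsandbox=\"true\" \\" >> "$script"
elif [ "$createsandbox" = false ]
then
    echo "    -createsandbox=\"false\" \\" >> "$script"
fi

add_flag sandboxname "$sandboxname"
add_flag scantimeout "$scantimeout"
add_flag exclude "$exclude"
add_flag include "$include"

# Without an explicit module selection the wrapper is told to auto-select modules.
if [ -z "$include" ] && [ -z "$exclude" ]
then
    echo "    -autoscan \"true\" \\" >> "$script"
fi

add_flag criticality "$criticality"
add_flag pattern "$pattern"
add_flag replacement "$replacement"
add_flag sandboxid "$sandboxid"
add_flag scanallnonfataltoplevelmodules "$scanallnonfataltoplevelmodules"
# The `selected` branch used to emit -selectedpreviously, so `selected` never reached the wrapper.
add_flag selected "$selected"
add_flag selectedpreviously "$selectedpreviously"
add_flag teams "$teams"
add_flag toplevel "$toplevel"
add_flag deleteincompletescan "$deleteincompletescan"
add_flag scanpollinginterval "$scanpollinginterval"
# createprofile is required (checked above), so this line is always written.
add_flag createprofile "$createprofile"
add_flag debug "$debug"
add_flag includenewmodules "$includenewmodules"
add_flag maxretrycount "$maxretrycount"
# Terminate the trailing line continuation of the last flag.
echo "" >> "$script"

jar_url="$maven_base/$javawrapperversion/vosp-api-wrappers-java-$javawrapperversion.jar"
if ! curl -fsS -o "$wrapper_jar" "$jar_url"
then
    fail "could not download the Java API Wrapper $javawrapperversion from Maven Central"
fi

# Compare the jar against the .sha1 Maven Central publishes next to every artifact.
# This catches a truncated or corrupted download; it does not defend against a
# compromised origin, as the checksum comes from the same host as the jar.
if command -v sha1sum >/dev/null 2>&1
then
    expected_sha1=$(curl -fsS "$jar_url.sha1" | cut -d ' ' -f 1 | tr 'A-F' 'a-f')
    actual_sha1=$(sha1sum "$wrapper_jar" | cut -d ' ' -f 1)
    if [ -z "$expected_sha1" ] || [ "$expected_sha1" != "$actual_sha1" ]
    then
        fail "checksum mismatch for $wrapper_jar (expected '$expected_sha1', got '$actual_sha1')"
    fi
fi

# runJava.sh embeds the API credentials: keep it owner-only (it was 777) and do not
# cat it verbatim into the job log; -vid/-vkey are masked in the printed copy.
chmod 700 "$script"
sed -e 's/-vid "[^"]*"/-vid "***"/' -e 's/-vkey "[^"]*"/-vkey "***"/' "$script"
./"$script"
--------------------------------------------------------------------------------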