added script for Veracode Agent-Based Scan Software Composition Analysis

.travis.yml

@@ -108,8 +108,7 @@ jobs:
 
     - name: "Source Clear Scan (SCA)"
       stage: Security Scans
-      script:
+      script: travis_wait 30 bash scripts/source_clear.sh
-       - echo "Source Clear Scan (SCA)"
     - name: "Static Analysis (SAST)"
       stage: Security Scans
       script:

scripts/source_clear.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+# fail script immediately on any errors in external commands and print the lines
+set -ev
+
+mvn -B -q clean install \
+    -DskipTests \
+    -Dmaven.javadoc.skip=true \
+    com.srcclr:srcclr-maven-plugin:scan \
+    -Dcom.srcclr.apiToken=$SRCCLR_API_TOKEN > scan.log
+
+SUCCESS=$?   # this will read exit code of the previous command
+
+cat scan.log | grep -e 'Full Report Details' -e 'Failed'
+
+exit ${SUCCESS}