Merge pull request #662 from Alfresco/feature/add_agent_based_scanning

SCA setup
2025-05-19 17:15:24 +00:00 · 2024-04-04 15:49:03 +02:00 · 2024-04-04 15:49:03 +02:00 · 340785180d
commit 340785180d
parent 4f70d0f575 2bc06e4222
2 changed files with 20 additions and 0 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -28,6 +28,23 @@ jobs:
    steps:
      - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v1.35.0

+  veracode_sca:
+    name: "Veracode - Source Clear Scan (SCA)"
+    runs-on: ubuntu-latest
+    if: >
+      github.ref_name == 'master' ||
+      github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v3
+      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.34.0
+      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.34.0
+      - name: "Clean-up SNAPSHOT artifacts"
+        run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
+      - uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v1.34.0
+        continue-on-error: true
+        with:
+          srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
+
  build:
    name: "Build application"
    runs-on: ubuntu-latest
--- a/srcclr.yml
+++ b/srcclr.yml
@ -0,0 +1,3 @@
+# To avoid the provided dependencies we set the scope to runtime. See: https://docs.veracode.com/r/c_sc_scan_directives
+# runtime: to restrict the scan to compile and runtime dependencies.
+scope: runtime