From 2bc06e4222b6aaeaa15713c117ec0252b785a72f Mon Sep 17 00:00:00 2001
From: mstrankowski
Date: Thu, 4 Apr 2024 15:01:34 +0200
Subject: [PATCH] SCA setup

---
 .github/workflows/ci.yml | 17 +++++++++++++++++
 srcclr.yml               |  3 +++
 2 files changed, 20 insertions(+)
 create mode 100644 srcclr.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ed97e9dc..4a759638 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,23 @@ jobs:
     steps:
       - uses: Alfresco/alfresco-build-tools/.github/actions/pre-commit@v1.35.0
 
+  veracode_sca:
+    name: "Veracode - Source Clear Scan (SCA)"
+    runs-on: ubuntu-latest
+    if: >
+      github.ref_name == 'master' ||
+      github.event_name == 'pull_request'
+    steps:
+      - uses: actions/checkout@v3
+      - uses: Alfresco/alfresco-build-tools/.github/actions/get-build-info@v1.34.0
+      - uses: Alfresco/alfresco-build-tools/.github/actions/setup-java-build@v1.34.0
+      - name: "Clean-up SNAPSHOT artifacts"
+        run: find "${HOME}/.m2/repository/" -type d -name "*-SNAPSHOT*" | xargs -r -l rm -rf
+      - uses: Alfresco/alfresco-build-tools/.github/actions/veracode@v1.34.0
+        continue-on-error: true
+        with:
+          srcclr-api-token: ${{ secrets.SRCCLR_API_TOKEN }}
+
   build:
     name: "Build application"
     runs-on: ubuntu-latest
diff --git a/srcclr.yml b/srcclr.yml
new file mode 100644
index 00000000..cd68c5bb
--- /dev/null
+++ b/srcclr.yml
@@ -0,0 +1,3 @@
+# To avoid the provided dependencies we set the scope to runtime. See: https://docs.veracode.com/r/c_sc_scan_directives
+# runtime: to restrict the scan to compile and runtime dependencies.
+scope: runtime
\ No newline at end of file
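Review bot: `continue-on-error: true` on the veracode step in the new `veracode_sca` job makes the job green even when the scan fails outright (missing or rejected `SRCCLR_API_TOKEN`, scanner error) or reports findings, so the SCA check added here cannot gate anything and a silently broken scan would go unnoticed. If a non-blocking rollout is intended, document it on the line, e.g. `continue-on-error: true  # non-blocking during rollout; remove once SCA findings are triaged`, and surface the step's outcome (an `id:` on the step plus a follow-up step that reads `steps.<id>.outcome`) so failures are at least visible in the run; otherwise drop the line. Note that the `if:` also runs the job on `pull_request` events, where runs from forked repositories do not receive repository secrets, so the step would then run with an empty token and be masked by the same setting. Separately, the new steps pin the Alfresco actions at `@v1.34.0` while the existing pre-commit step above uses `@v1.35.0`; aligning them, and pinning third-party actions such as `actions/checkout@v3` to a commit SHA instead of a mutable tag, keeps the workflow's supply-chain surface consistent.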
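Review bot: The new srcclr.yml ends without a trailing newline (`\ No newline at end of file`), which will show up as a spurious change on the next edit; add the newline. The comment justifies `scope: runtime` as a way to skip `provided` dependencies, but by the comment's own description the scan is then limited to compile and runtime dependencies, so test-scoped dependencies are excluded from SCA coverage as well — worth stating explicitly so the reduced coverage is a recorded decision, e.g. `# Note: test-scoped dependencies are also outside the scan.`. Starting the document with `---` would also match the usual YAML convention.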