ATS-468 : Add Veracode (SAST & SCA) scans to Transform Service Travis builds (#188)

- add SCA & SAST
   - use wildcards to reference jars' locations - a single static scan will be triggered
   - use sandbox based on git branch
   - use maven plugin for source clear scans
   - filter logs

_ci/sourceclear.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+echo "=========================== Starting SourceClear Script ==========================="
+PS4="\[\e[35m\]+ \[\e[m\]"
+set +e -v -x
+pushd "$(dirname "${BASH_SOURCE[0]}")/../"
+
+mvn -B -q clean install \
+    -DskipTests \
+    -Dmaven.javadoc.skip=true \
+    com.srcclr:srcclr-maven-plugin:scan \
+    -Dcom.srcclr.apiToken=$SRCCLR_API_TOKEN > scan.log
+
+SUCCESS=$?   # this will read exit code of the previous command
+
+cat scan.log | grep -e 'Full Report Details' -e 'Failed'
+
+popd
+set +vex
+echo "=========================== Finishing SourceClear Script =========================="
+
+exit ${SUCCESS}