From 6a69611d1397699e4e783ede6f53c01d171e55c1 Mon Sep 17 00:00:00 2001
From: Jamal Kaabi-Mofrad
Date: Fri, 10 Dec 2021 14:10:03 +0000
Subject: [PATCH] ACS-2352: Added Veracode agent-based scanning integration.
---
 .travis.yml | 7 +++++++
 _ci/{sourceclear.sh => source_clear.sh} | 6 +++++-
 srcclr.yml | 3 +++
 3 files changed, 15 insertions(+), 1 deletion(-)
 rename _ci/{sourceclear.sh => source_clear.sh} (78%)
 create mode 100644 srcclr.yml
diff --git a/.travis.yml b/.travis.yml
index 9448b7d5..e21dfc28 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -26,6 +26,8 @@ branches: - /^ACS-.*$/ stages: + - name: Veracode Scan if: branch = master - build and test - release - company_release
@@ -34,6 +36,11 @@ before_install: bash _ci/init.sh jobs: include: + - stage: Veracode Scan name: "Veracode - Source Clear Scan (SCA)" install: skip script: travis_wait 30 bash _ci/source_clear.sh + - stage: Build and Test name: "Core & Base Snapshot deployment" # This is to separate the snapshot deployment from the following jobs, to prevent duplication on nexus if: branch = master AND type != pull_request
diff --git a/_ci/sourceclear.sh b/_ci/source_clear.sh
similarity index 78%
rename from _ci/sourceclear.sh
rename to _ci/source_clear.sh
index 5ad4a376..6ab40f79 100644
--- a/_ci/sourceclear.sh
+++ b/_ci/source_clear.sh
@@ -9,10 +9,14 @@ mvn -B -q clean install \ -DskipTests \ -Dmaven.javadoc.skip=true \ com.srcclr:srcclr-maven-plugin:scan \ - -Dcom.srcclr.apiToken=$SRCCLR_API_TOKEN > scan.log + -Dcom.srcclr.apiToken=${SRCCLR_API_TOKEN} > scan.log SUCCESS=$? # this will read exit code of the previous command +if [ -z "$VERACODE_FAILS_BUILD" ] || [ "$VERACODE_FAILS_BUILD" = false ] ; then + SUCCESS=0 +fi + cat scan.log | grep -e 'Full Report Details' -e 'Failed' popd
diff --git a/srcclr.yml b/srcclr.yml
new file mode 100644
index 00000000..cd68c5bb
--- /dev/null
+++ b/srcclr.yml 
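Review bot: The new `Veracode Scan` stage in the first `.travis.yml` hunk is gated on `if: branch = master` alone, while the existing `Core & Base Snapshot deployment` job visible in the second hunk uses `if: branch = master AND type != pull_request`; as far as I recall Travis evaluates `branch` against the target branch for pull-request builds, so the scan would also run on PRs into master, where the `SRCCLR_API_TOKEN` secret consumed by `_ci/source_clear.sh` is presumably not exposed to fork builds and the plugin would be invoked with an empty token. Aligning the condition, `if: branch = master AND type != pull_request`, keeps the scan to pushes on master where the secret is available. If scanning pull requests is intended, the job added in the second hunk should carry its own `if` so the policy is explicit rather than inherited from the stage definition.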
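Review bot: The new `VERACODE_FAILS_BUILD` guard resets `SUCCESS` to 0 for every non-zero scan result whenever the variable is unset, which appears to be the default here, so a scan that never ran (empty `SRCCLR_API_TOKEN`, plugin download or network failure) is indistinguishable from a clean scan and the job goes green; `SUCCESS` is captured in this hunk but consumed after it, so I am inferring it drives the exit status. If `Full Report Details` is the line the plugin prints once a report was produced, as the existing `grep` suggests, masking should be limited to that case, e.g. `if [ "$SUCCESS" -ne 0 ] && grep -q 'Full Report Details' scan.log && { [ -z "$VERACODE_FAILS_BUILD" ] || [ "$VERACODE_FAILS_BUILD" = false ]; }; then`, so an infrastructure failure stays fatal. The string test `= false` is also case-sensitive (`False`/`FALSE` would silently enable build-failing), so the accepted values deserve a comment such as `# VERACODE_FAILS_BUILD: only the literal "true" lets scan findings fail the job; unset or "false" reports only`. The `mvn` invocation this hunk patches starts before the hunk.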
@@ -0,0 +1,3 @@
+# To avoid the provided dependencies we set the scope to runtime. See: https://docs.veracode.com/r/c_sc_scan_directives
+# runtime: to restrict the scan to compile and runtime dependencies.
+scope: runtime
\ No newline at end of file
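Review bot: `scope: runtime` drops `provided`-scope (and `test`-scope) dependencies from the SCA scan, but the comment only records that this is done, not why it is acceptable: a `provided` artifact is still on the classpath of the deployed application, merely supplied by the container, so a vulnerability in it still affects the product. Extend the comment with the actual rationale, e.g. `# provided-scope deps are excluded because <reason>; they are covered by <other scan/job>`, filling in the placeholders, so a later reader does not assume those dependencies are scanned elsewhere by default. The file also lacks a trailing newline.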