inteligr8/alfresco-transform-core
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-transform-core.git synced 2025-05-26 17:24:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

ACS-6305 Fix Pipeline scan detecting 3rd party libraries (#956)

Browse Source 
ACS-6305 Fix Pipeline scan detecting 3rd party libraries
This commit is contained in:
mikolajbrzezinski 2024-05-15 13:04:22 +02:00 committed by GitHub
parent d9e9adcf49
commit cf34781062
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/ci.yml vendored
View File

@ -83,7 +83,17 @@ jobs:
- name: "Build"
run: mvn -B -U install -DskipTests
- name: "Create zip"
run: zip -r to-scan.zip engines/aio/target/alfresco-transform-core-aio-*.jar engines/base/target/alfresco-base-t-engine-*.jar model/target/alfresco-transform-model-*.jar
run: |
mkdir -p to-scan
for file in engines/aio/target/alfresco-transform-core-aio-*.jar engines/base/target/alfresco-base-t-engine-*.jar model/target/alfresco-transform-model-*.jar
do
if [[ $file != *javadoc.jar ]] && [[ $file != *sources.jar ]] && [[ $file != *tests.jar ]]; then
mv "$file" to-scan/
fi
done
# Removing the aspectjweaver and bouncycastle jars from the scan, since Veracode detects them as 1st party code and fails the scan. TO BE REVERTED ONCE VERACODE FIXES THE ISSUE
zip -d to-scan/alfresco-transform*.jar "BOOT-INF/lib/bcmail-jdk18on-*.jar" "BOOT-INF/lib/bcprov-jdk18on-*.jar" "BOOT-INF/lib/aspectjweaver*.jar"
zip -r to-scan.zip to-scan
- name: "Run SAST Scan"
uses: veracode/Veracode-pipeline-scan-action@v1.0.10
with:
@ -98,6 +108,7 @@ jobs:
summary_output_file: results.json
summary_display: true
baseline_file: baseline.json
include: "to-scan/alfresco*"
- name: Upload scan result
if: success() || failure()
run: zip readable_output.zip results.json