-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathveracode-MB.yml
31 lines (26 loc) · 1.47 KB
/
veracode-MB.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Para testar, recomendo a utilização do projeto NodeGoat
# Disponivel em: https://github.com/IGDEXE/NodeGoat
trigger:
- master
pool:
vmImage: ubuntu-latest
variables:
veracodeAppProfile: $(Build.DefinitionName)
caminhoPacote: $(Build.ArtifactStagingDirectory)/$(Build.BuildId).zip
veracodeTeams: "DEMOs"
steps:
- task: CmdLine@2
inputs:
script: |
zip -r $(caminhoPacote) . -x '*.svg' '*.pdf' '*.mp4' '*.webm' '*.gif' '*.jpg' '*.ico' '.git/*'
displayName: 'Criando pacote para analise'
- script: |
curl -o veracode-wrapper.jar https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/23.4.11.2/vosp-api-wrappers-java-23.4.11.2.jar
displayName: 'Download Veracode Wrapper'
- script: |
if [ $(Build.SourceBranchName) == 'main' ]; then
java -jar veracode-wrapper.jar -vid $(VERACODE_API_KEY_ID) -vkey $(VERACODE_API_KEY_SECRET) -action uploadandscan -appname $(veracodeAppProfile) -createprofile true -version $(build.buildNumber) -filepath $(caminhoPacote) -scanpollinginterval 30 -scantimeout 55 -teams "$(veracodeTeams)"
else
java -jar veracode-wrapper.jar -vid $(VERACODE_API_KEY_ID) -vkey $(VERACODE_API_KEY_SECRET) -action uploadandscan -appname $(veracodeAppProfile) -createprofile true -version $(build.buildNumber) -filepath $(caminhoPacote) -scanpollinginterval 30 -scantimeout 55 -teams "$(veracodeTeams)" -createsandbox true -sandboxname "$(Build.SourceBranchName)"
fi
displayName: 'Veracode U&S'