-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
41 lines (35 loc) · 1.23 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
stages:
- build
- static-scan
- sca-scan
- container-scan
build_app:
image: maven:3.6.3-openjdk-8
stage: build
script:
- mvn -f app clean package
artifacts:
paths:
- app/target/verademo.war
veracode_static_scan:
image: veracode/api-wrapper-java:latest
stage: static-scan
script:
# the scan WILL fail, so just fire and forget
- java -jar /opt/veracode/api-wrapper.jar -vid $VERACODE_API_KEY_ID -vkey $VERACODE_API_KEY_SECRET
-action UploadAndScan -appname "Verademo" -createprofile false
-filepath app/target/verademo.war -version "Commit ${CI_COMMIT_SHA:0:8} - Job $CI_JOB_ID"
allow_failure: true
# the above steps are the bare minimum.
# below are some additional steps that are commonplace
veracode_sca_scan:
image: maven:3.6.3-openjdk-8
stage: sca-scan
script:
- curl -sSL https://download.sourceclear.com/ci.sh | sh -s -- scan app
veracode_container_scan:
image: maven:3.6.3-openjdk-8
stage: container-scan
script:
- curl -fsS https://tools.veracode.com/veracode-cli/install | sh
- ./veracode scan --type directory --source . --format table