0.2.6 • Published 8 months ago
veracode-ci v0.2.6
Veracode CI
Goal: Provide a command-line tool to use in NPM scripts for triggering Veracode scans in a CI/CD setting.
Usage
Prerequisites
- Have the `VERA_ID` and `VERA_KEY` environment variables defined with valid Veracode API credentials
Setup in NPM Project
1. Install as a dev dependency
```bash
npm i -D veracode-ci
```
2. In the `scripts` block of your package.json, add a veracode script
```json
{
  ...
  "scripts": {
    ...
    "veracode": "veracode --sandbox --appName=<your-veracode-app-name>"
  },
  ...
}
```
3. Run the veracode script
```bash
npm run veracode
```
Excluding Folders/Files
Additionally, you can specify your own excludes. By default, this package zips up everything in the current working directory of your project (where the package.json is), excluding the node_modules folder. You can override these excludes by passing a comma-delimited value like so:
```bash
veracode --sandbox --appName=<your-veracode-app-name> --excludes='node_modules/**/*,lib/**/*'
```
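As an added example (not part of veracode-ci), the Node script below previews which files a given `--excludes` value would leave in the upload and flags anything that looks like a secret or VCS metadata, so you can check the exclude list before the zip leaves your CI runner. It assumes simple glob semantics (`*` within a path segment, `**/*` for everything below a directory) and uses a constructed file list in place of a real directory walk.

```javascript
// Added example, not veracode-ci code. Assumes glob semantics as described above.
const DEFAULT_EXCLUDES = 'node_modules/**/*';

// Convert one glob pattern into an anchored RegExp over a relative path.
function globToRegExp(glob) {
  let re = '';
  for (let i = 0; i < glob.length; i++) {
    if (glob.startsWith('**/', i)) { re += '(?:.*/)?'; i += 2; }   // any depth
    else if (glob[i] === '*') re += '[^/]*';                       // one segment
    else if (glob[i] === '?') re += '[^/]';
    else re += glob[i].replace(/[.+^${}()|[\]\\]/g, '\\$&');       // literal char
  }
  return new RegExp('^' + re + '$');
}

// Parse the comma-delimited --excludes value; fall back to the CLI default.
function parseExcludes(value) {
  return (value || DEFAULT_EXCLUDES)
    .split(',').map(s => s.trim()).filter(Boolean).map(globToRegExp);
}

// Files that would be zipped and uploaded for the given exclude list.
function filesToUpload(files, excludesValue) {
  const patterns = parseExcludes(excludesValue);
  return files.filter(f => !patterns.some(p => p.test(f)));
}

// Included files that look like secrets or repository history.
const SENSITIVE = [/(^|\/)\.env(\..*)?$/, /(^|\/)\.git\//, /\.pem$/, /\.key$/];
function sensitiveFiles(files, excludesValue) {
  return filesToUpload(files, excludesValue).filter(f => SENSITIVE.some(r => r.test(f)));
}

// Names of the credential variables the CLI needs that are not set (values are never printed).
function missingCredentials(env) {
  return ['VERA_ID', 'VERA_KEY'].filter(name => !env[name]);
}

// Constructed project listing (relative paths, as a zip would store them).
const SAMPLE_FILES = [
  'package.json', 'src/index.js', 'lib/index.js', '.env', '.git/config',
  'node_modules/left-pad/index.js', 'certs/server.key',
];

if (typeof require !== 'undefined' && require.main === module) {
  const excludes = process.argv[2];   // same string you would pass to --excludes
  const missing = missingCredentials(process.env);
  if (missing.length) console.error('Missing env vars: ' + missing.join(', '));
  console.log('Would upload:', filesToUpload(SAMPLE_FILES, excludes));
  console.log('Sensitive files in upload:', sensitiveFiles(SAMPLE_FILES, excludes));
}
```

Run it as `node preview-upload.js 'node_modules/**/*,lib/**/*,.env,.git/**/*,**/*.key'` to confirm the tightened exclude list leaves only source and manifest files.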
Command-line Options
| FLAG | VALUE | DESCRIPTION |
|---|---|---|
| `--sandbox` | none | Trigger a Veracode scan in a sandbox under a provided (existing) app |
| `--excludes` | comma-delimited string | Override which folders/files are excluded from the project before scanning. Defaults to `node_modules/**/*`. |
| `--appId` | integer | Veracode App ID to run the scans under. Either `--appId` or `--appName` must be specified. |
| `--appName` | string | Veracode App Name to run the scans under. Either `--appId` or `--appName` must be specified. |
| `--scanAllNonfatalTopLevelModules` | `true` or `false` | See the Veracode documentation for `beginprescan.do` |
| `--autoScan` | `true` or `false` | See the Veracode documentation for `beginprescan.do` |