0.2.6 • Published 8 months ago
veracode-ci v0.2.6
Veracode CI
Goal: Provide a command-line tool to use in NPM scripts for triggering Veracode scans in a CI/CD setting.
Usage
Prerequisites
- Have
VERA_IDandVERA_KEYenvironment variables defined with valid Veracode API Credentials
Setup in NPM Project 1. Install as a dev dependency
```bash
npm i -D veracode-ci
```- In the
scriptsblock of your package.json, add a veracode script{ ... "scripts": { ... "veracode": "veracode --sandbox --appName=<your-veracode-app-name>" }, ... } - Run the veracode script
npm run veracode
Excluding Folders/Files
Additionally, you can specify your own excludes. By default, this package zips up everything in the current-working-directory of your project (where the package.json is) excluding the node_modules folder. You can overwrite this excludes by adding a comma-delimited value like so:
veracode --sandbox --appName=<your-veracode-app-name> --excludes='node_modules/**/*,lib/**/*'Command-line Options
| FLAG | VALUE | DESCRIPTION |
|---|---|---|
sandbox | none | Trigger a veracode scan in a sandbox under a provided (existing) app |
excludes | comma-delimited string | Override what folders/files are excluded from the project for scanning. Defaults to node_modules/**/*. |
appId | integer | Veracode App ID to run the scans under. Must have appId OR appName specified |
appName | string | Veracode App Name to run the scans under. Must have appId OR appName specified |
scanAllNonfatalTopLevelModules | true or false | See Veracode doc for beginprescan.do |
autoScan | true or false | See Veracode doc for beginprescan.do |