updated the version for action-helper

shailesh-veracode · shailesh-veracode · commit ef5d102cccae · 2024-04-01T14:15:45.000+05:30
diff --git a/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml b/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
@@ -89,7 +89,7 @@ jobs:
       - name: Veracode Pipeline Results
         if: always()
         id: prepare-results
-        uses: Veracode/github-actions-integration-helper@main
+        uses: Veracode/github-actions-integration-helper@feature/DXS-358
         with:
           action: 'preparePipelineResults'
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
@@ -94,7 +94,7 @@ jobs:
       - name: Veracode Policy Results
         id: prepare-results
         if: always()
-        uses: Veracode/github-actions-integration-helper@main
+        uses: Veracode/github-actions-integration-helper@v0.1.1
         with:
           action: 'preparePolicyResults'
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/binary-ready-veracode-sast-sandbox-scan.yml b/.github/workflows/binary-ready-veracode-sast-sandbox-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -43,7 +43,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/flaws_report.yml b/.github/workflows/flaws_report.yml
@@ -0,0 +1,121 @@
+name: Veracode Flaws Report
+
+on:
+  workflow_call:
+    inputs:
+      policy_name:
+        required: true
+        type: string
+      owner:
+        required: true
+        type: string
+      repo:
+        required: true
+        type: string
+      sha:
+        required: true
+        type: string
+      token:
+        required: true
+        type: string
+      ref:
+        required: true
+        type: string
+      create_code_scanning_alert:
+        required: true
+        type: boolean
+      create_issue:
+        required: true
+        type: boolean
+      check_run_id:
+        required: true
+        type: string
+      source_repository:
+          required: true
+          type: string
+      profile_name:
+          required: true
+          type: string
+      break_build_policy_findings: 
+          required: true
+          type: string
+      break_build_on_error: 
+          required: true
+          type: string
+      filter_mitigated_flaws: 
+          required: true
+          type: string
+      language:
+        required: true
+        type: string
+
+jobs:
+  code-scanning-alert:
+      needs: pipeline_scan
+      runs-on: ubuntu-latest
+      if: ${{ inputs.create_code_scanning_alert && always() }}
+      name: Create code scanning alerts
+      steps:
+        - name: Get scan results
+          uses: actions/download-artifact@v4
+          with:
+            name: "Veracode Pipeline-Scan Mitigated Filtered Results"
+
+        - name: Convert pipeline scan output to SARIF format for java language
+          if: inputs.language == 'Java'
+          uses: Veracode/veracode-pipeline-scan-results-to-sarif@master
+          with:
+            pipeline-results-json: filtered_results.json
+            output-results-sarif: veracode-results.sarif
+            repo_owner: ${{ inputs.owner }}
+            repo_name: ${{ inputs.repo }}
+            commitSHA: ${{ inputs.sha }}
+            ref: ${{ inputs.ref }}
+            githubToken: ${{ inputs.token }}
+            source-base-path-1: 'com/:src/main/java/com/'
+            source-base-path-2: 'WEB-INF:src/main/webapp/WEB-INF'
+
+        - name: Convert pipeline scan output to SARIF format for non java language
+          if: inputs.language != 'Java'
+          uses: Veracode/veracode-pipeline-scan-results-to-sarif@master
+          with:
+            pipeline-results-json: filtered_results.json
+            output-results-sarif: veracode-results.sarif
+            repo_owner: ${{ inputs.owner }}
+            repo_name: ${{ inputs.repo }}
+            commitSHA: ${{ inputs.sha }}
+            ref: ${{ inputs.ref }}
+            githubToken: ${{ inputs.token }}
+
+    create-issues:
+      needs: pipeline_scan
+      runs-on: ubuntu-latest
+      if: ${{ inputs.create_issue && always() }}
+      name: Create issues
+      steps:
+        - name: Get scan results
+          uses: actions/download-artifact@v4
+          with:
+            name: 'Veracode Pipeline-Scan Mitigated Filtered Results'
+
+        - name: Create flaws as issues for java language
+          if: inputs.language == 'Java'
+          uses: veracode/veracode-flaws-to-issues@v2.2.24
+          with:
+            scan-results-json: 'filtered_results.json'
+            repo_owner: ${{ inputs.owner }}
+            github-token: ${{ inputs.token }}
+            repo_name: ${{ inputs.repo }}
+            commitHash: ${{ inputs.sha }}
+            source_base_path_1: 'com/:src/main/java/com/'
+            source_base_path_2: 'WEB-INF:src/main/webapp/WEB-INF'
+
+        - name: Create flaws as issues for non java language
+          if: inputs.language != 'Java'
+          uses: veracode/veracode-flaws-to-issues@v2.2.24
+          with:
+            scan-results-json: 'filtered_results.json'
+            repo_owner: ${{ inputs.owner }}
+            repo_name: ${{ inputs.repo }}
+            github-token: ${{ inputs.token }}
+            commitHash: ${{ inputs.sha }}
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
@@ -59,7 +59,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
@@ -72,7 +72,7 @@ jobs:
       - name: Verify Policy name
         id: verify_policy_name
         if: success()
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validatePolicyName
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-iac-secrets-scan.yml b/.github/workflows/veracode-iac-secrets-scan.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       - name: Verify Veracode API credentials
         id: verify_api_creds
-        uses: veracode/github-actions-integration-helper@v0.1.0
+        uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: validateVeracodeApiCreds
           token: ${{ github.event.client_payload.token }}
diff --git a/.github/workflows/veracode-policy-scan.yml b/.github/workflows/veracode-policy-scan.yml
@@ -93,7 +93,7 @@ jobs:
       - name: Veracode Policy Results
         id: prepare-results
         if: always()
-        uses: Veracode/github-actions-integration-helper@main
+        uses: Veracode/github-actions-integration-helper@v0.1.1
         with:
           action: 'preparePolicyResults'
           token: ${{ inputs.token }}
diff --git a/.github/workflows/veracode-remove-sandbox.yml b/.github/workflows/veracode-remove-sandbox.yml
@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     name: Remove Sandbox
     steps:
-      - uses: veracode/github-actions-integration-helper@v0.1.0
+      - uses: veracode/github-actions-integration-helper@v0.1.1
         with:
           action: 'removeSandbox'
           vid: ${{ secrets.VERACODE_API_ID }}
