Releases: veracode/veracode-dast-action
Add Load Results Functionality and Restructure Codebase
🎉 New Features
Dual Functionality Support
This release introduces a major enhancement that extends the action to support two distinct operation modes:
- Start Scan Mode (`action_type: start-scan`) - The original functionality to kick off Veracode DAST scans
- Load Results Mode (`action_type: load-results`) - NEW: Automatically download DAST findings and create/update GitHub issues
Load Results Functionality
The new load-results mode provides comprehensive issue management for DAST findings:
- Automatic Issue Creation: Creates GitHub issues for new DAST findings
- Issue Lifecycle Management:
  - Automatically opens/closes issues based on finding status (OPEN/CLOSED)
  - Handles resolution status (APPROVED/REJECTED)
  - Closes issues when findings are no longer present in scan results
- Annotation Support:
  - Converts Veracode annotations (APPROVED, REJECTED, NETENV, etc.) to GitHub issue comments
  - Prevents duplicate comments with intelligent duplicate detection
  - Automatically closes/reopens issues based on annotation actions
- Smart Duplicate Detection: Uses the `[VID:issue_id]` marker format to identify and update existing issues
Enhanced Labeling System
- Severity Labels: Updated to match the `veracode-flaws-to-issues` format:
  - `VeracodeFlaw: Very High` (severity 5)
  - `VeracodeFlaw: High` (severity 4)
  - `VeracodeFlaw: Medium` (severity 3)
  - `VeracodeFlaw: Low` (severity 2)
  - `VeracodeFlaw: Very Low` (severity 1)
  - `VeracodeFlaw: Informational` (severity 0)
- CWE Labels: Automatically creates `CWE-{id}` labels for each vulnerability type
- DAST Label: Adds the `veracode-dast` label to all DAST findings
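The issue lifecycle and labeling rules above, worked through as an added example. This is illustrative code written for this page, not the source of veracode-dast-action: it reconciles a list of DAST findings against existing GitHub issues by the `[VID:<id>]` marker in the title, attaches the `VeracodeFlaw: <Severity>`, `CWE-<id>` and `veracode-dast` labels, opens or closes issues from the finding status, closes issues whose findings disappeared, and turns annotations into comments only once. The finding and annotation field names, the sample data, and the rule that an APPROVED mitigation closes the issue while REJECTED leaves it open are assumptions, not something the release notes state.

```javascript
// Added illustrative example, not code from veracode-dast-action.
// Models the load-results reconciliation described in the release notes.
// ASSUMPTIONS: finding/annotation field names below are invented for the
// example; an APPROVED mitigation closes the issue, REJECTED keeps it open.

const SEVERITY_LABELS = {
  5: 'VeracodeFlaw: Very High',
  4: 'VeracodeFlaw: High',
  3: 'VeracodeFlaw: Medium',
  2: 'VeracodeFlaw: Low',
  1: 'VeracodeFlaw: Very Low',
  0: 'VeracodeFlaw: Informational',
};

// Marker embedded in issue titles so re-runs find the issue they created.
const VID_RE = /\[VID:([^\]]+)\]/;

// Labels every DAST issue carries: severity, CWE and the veracode-dast tag.
function labelsFor(finding) {
  return [SEVERITY_LABELS[finding.severity], `CWE-${finding.cwe}`, 'veracode-dast'];
}

function issueTitle(finding) {
  return `[VID:${finding.id}] ${finding.name}`;
}

// Assumed rule: keep the issue open while the finding is OPEN and no
// mitigation has been APPROVED (a REJECTED mitigation changes nothing).
function shouldBeOpen(finding) {
  return finding.status === 'OPEN' && finding.resolution !== 'APPROVED';
}

// One comment per annotation; the exact body is the duplicate-detection key.
function annotationComment(a) {
  return `Veracode annotation ${a.action} by ${a.user} on ${a.created}: ${a.comment}`;
}

// Compute the GitHub operations that bring `issues` in line with `findings`.
// Pure function: no API calls, so it can be unit-tested offline.
function planSync(findings, issues) {
  const byVid = new Map();
  for (const issue of issues) {
    const m = VID_RE.exec(issue.title);
    if (m) byVid.set(m[1], issue); // issues without a marker are never touched
  }
  const ops = [];
  const seen = new Set();
  for (const f of findings) {
    seen.add(f.id);
    const existing = byVid.get(f.id);
    const wantOpen = shouldBeOpen(f);
    if (!existing) {
      if (wantOpen) ops.push({ op: 'create', vid: f.id, title: issueTitle(f), labels: labelsFor(f) });
      continue;
    }
    if (wantOpen && existing.state === 'closed') ops.push({ op: 'reopen', vid: f.id, number: existing.number });
    if (!wantOpen && existing.state === 'open') ops.push({ op: 'close', vid: f.id, number: existing.number });
    const have = new Set(existing.comments);
    for (const a of f.annotations || []) {
      const body = annotationComment(a);
      if (!have.has(body)) ops.push({ op: 'comment', vid: f.id, number: existing.number, body });
    }
  }
  // Findings no longer present in the scan results: close their issues.
  for (const [vid, issue] of byVid) {
    if (!seen.has(vid) && issue.state === 'open') ops.push({ op: 'close', vid, number: issue.number });
  }
  return ops;
}

// Constructed sample data (not real scan output or real issues).
const SAMPLE_FINDINGS = [
  { id: '101', name: 'Reflected XSS in /search', severity: 4, cwe: 79, status: 'OPEN', resolution: 'NONE', annotations: [] },
  { id: '102', name: 'Missing HSTS header', severity: 1, cwe: 319, status: 'OPEN', resolution: 'APPROVED',
    annotations: [{ action: 'APPROVED', user: 'appsec', created: '2024-05-01', comment: 'HSTS is set at the CDN' }] },
  { id: '103', name: 'SQL injection in /login', severity: 5, cwe: 89, status: 'CLOSED', resolution: 'NONE', annotations: [] },
];
const SAMPLE_ISSUES = [
  { number: 7, title: '[VID:102] Missing HSTS header', state: 'open', comments: [] },
  { number: 8, title: '[VID:103] SQL injection in /login', state: 'open', comments: [] },
  { number: 9, title: '[VID:100] Old finding no longer reported', state: 'open', comments: [] },
  { number: 10, title: 'Unrelated issue filed by a human', state: 'open', comments: [] },
];

console.log(JSON.stringify(planSync(SAMPLE_FINDINGS, SAMPLE_ISSUES), null, 2));
```

Running the block prints five operations for the sample data: create an issue for VID 101, close #7 (mitigation approved) and add the annotation comment to it, close #8 (finding CLOSED), and close #9 because VID 100 is absent from the results; #10 is ignored because it carries no marker. Re-running after those operations are applied yields nothing new, which is the property duplicate detection has to guarantee. Whatever applies the plan needs a token allowed to create and edit issues; for the default `GITHUB_TOKEN` that means `permissions: issues: write` on the job.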
📝 New Parameters
- `action_type` (required): Choose between `start-scan` or `load-results`
- `profile_name` (required for `load-results`): Veracode Application Profile Name to fetch findings from
🔧 Code Improvements
- Restructured Codebase:
  - Moved scan functionality to the `src/scan/` folder
  - Created a new `src/results/` folder for results processing
  - Maintained the shared `api/`, `namespaces/`, and `services/` folders
- Enhanced Authentication: Fixed HMAC authentication for all API calls
- Better Error Handling: Improved error messages and debugging information
- URL Encoding: Properly handles profile names with special characters and spaces
📚 Documentation
- Updated README: Comprehensive documentation for both action types
- Usage Examples: Added examples for both `start-scan` and `load-results` modes
- Feature Documentation: Detailed explanation of issue lifecycle and annotation handling
🐛 Bug Fixes
- Fixed authentication issues with Veracode API calls
- Fixed URL encoding for profile names with spaces
- Improved error handling for API responses
⚠️ Breaking Changes
- `action_type` parameter is now required: All workflows must specify either `start-scan` or `load-results`
- Conditional parameters:
  - `dast_config_file_name` is now only required for `start-scan`
  - `profile_name` is now required for `load-results`
- Label format changed: Severity labels now use the `VeracodeFlaw: {Severity}` format instead of `severity-{level}`
🔄 Migration Guide
To migrate from v1.x to v2.0:
- For existing start-scan workflows, add `action_type: start-scan`:

  ```yaml
  - uses: veracode/veracode-dast-action@v2
    with:
      action_type: start-scan
      # ... rest of your existing parameters
  ```

- For new load-results workflows, use:

  ```yaml
  - uses: veracode/veracode-dast-action@v2
    with:
      action_type: load-results
      profile_name: YourApplicationName
      # ... rest of parameters
  ```

- Update label filters if you're filtering by severity labels - the format has changed
update logos
update logo
smaller updates
add default values
adding default values to the action
Initial release
Initial release of the Veracode DAST action