veracode-ci
v0.2.6
Veracode client for triggering scans in Continuous Integration
# Veracode CI
Goal: Provide a command-line tool to use in NPM scripts for triggering Veracode scans in a CI/CD setting.
## Usage

### Prerequisites

- Have `VERA_ID` and `VERA_KEY` environment variables defined with valid Veracode API credentials
### Setup in NPM Project

Install as a dev dependency:

```sh
npm i -D veracode-ci
```

In the `scripts` block of your package.json, add a `veracode` script:

```json
{
  ...
  "scripts": {
    ...
    "veracode": "veracode --sandbox --appName=<your-veracode-app-name>"
  },
  ...
}
```

Run the veracode script:

```sh
npm run veracode
```
### Excluding Folders/Files

Additionally, you can specify your own excludes. By default, this package zips up everything in the current working directory of your project (where the package.json is), excluding the node_modules folder. You can override these excludes by passing a comma-delimited value like so:

```sh
veracode --sandbox --appName=<your-veracode-app-name> --excludes='node_modules/**/*,lib/**/*'
```
## Command-line Options

| FLAG | VALUE | DESCRIPTION |
|------|-------|-------------|
| `sandbox` | none | Trigger a Veracode scan in a sandbox under the provided (existing) app |
| `excludes` | comma-delimited string | Override which folders/files are excluded from the project for scanning. Defaults to `node_modules/**/*`. |
| `appId` | integer | Veracode App ID to run the scans under. Either `appId` or `appName` must be specified |
| `appName` | string | Veracode App Name to run the scans under. Either `appId` or `appName` must be specified |
| `scanAllNonfatalTopLevelModules` | true or false | See Veracode doc for beginprescan.do |
| `autoScan` | true or false | See Veracode doc for beginprescan.do |