an example of a GitHub action for initiating a Veracode pipeline scan and returning the results.json as code scanning alerts in GitHub's Security tab
This is an example
- The Veracode pipeline scan analysis workflow runs on commit, takes the artifact from your build and submits it to the Veracode pipeline scan service
- The results.json ouput is transformed into SARIF
- The SARIF report is submitted to GitHub via the
github/codeql-action/upload-sarifaction
- Setup an API users for your Veracode account
- Implement this action
- Push a commit
- Observe any results being represented as a security alert
- ..