veracode

Veracode SAST Packaging Component This component will run the Veracode CLI package command to prepare the repository for static code analysis. Generated artifacts will be stored behind the name veracode-artifacts.

Veracode Container/IaC/Secrets Scanning Component This Veracode Container/IaC/Secrets Scanning Component runs the Veracode-CLI on any GitLab pipeline

About The Container/IaC/Secrets Scanning Component is designed to be used in a CI/CD pipeline to scan a local folder, remote repository, image or archive for 3rd party library vulnerabilities, infrastructure as code misconfigurations and stored secrets.

For more information on Pipeline Scan visit Veracode Help Center Page: https://docs.veracode.com/r/Veracode_Container_Security

Veracode Software Composition Analysis Component This Veracode Software Composition Analysis (agent-based scan) Component will run Veracode SCA agent based SCA solution.

Run the Veracode SCA similar as the script in textual output mode Ability to create issues for identified vulnerabilities without creating duplicates Ability to run the scan on a remote repository Ability to run the scan with the --quick flag

Veracode upload and scan component. This component will run a Veracode static scan as Sandbox scan or as policy scan.

An example project staged to demonstrate the usage of Veracode's SAST scanning tools within CI/CD pipeline.