forked from IGDEXE/Verademo
-
Notifications
You must be signed in to change notification settings - Fork 1
/
.travis.yml
29 lines (25 loc) · 1.2 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
language: java
env:
- DATE = `date + "%Y-%m-%d-%H%M"`
jobs:
inclue:
- stage: "Build Java app with Maven"
name: "build"
script: mvn clean package
- stage: "Veracode SCA - Software Composition Analisys"
name: "Veracode SCA - Software Composition Analisys"
addons:
srcclr: true
- stage: "Veracode SAST - Pipeline Scan"
name: "Veracode SAST - Pipeline Scan"
before_script:
- curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
- unzip -o pipeline-scan-LATEST.zip
script:
- java -jar pipeline-scan.jar -vid $VeracodeID -vkey $VeracodeKey -f target/verademo.war --issue_details true || true
- stage: "Veracode Upload And Scan"
name: "Veracode Upload And Scan"
before_script:
- curl -L -o VeracodeJavaAPI.jar https://repo1.maven.org/maven2/com/veracode/vosp/api/wrappers/vosp-api-wrappers-java/23.4.11.2/vosp-api-wrappers-java-23.4.11.2.jar
script:
- java -jar VeracodeJavaAPI.jar -vid $VeracodeID -vkey $VeracodeKey -action uploadandscan -appname "TravisCi-VeraDemo" -createprofile true -filepath target/verademo.war -version "$TRAVIS_JOB_ID - $TRAVIS_JOB_NUMBER $DATE"