Veracode Static BOM

Get a quick list of modules with findings identified by a Veracode static scan.

Setup

NOTE: This script requires Python 3!

Clone this repository:

git clone https://github.com/tjarrettveracode/veracode-static-bom

Install dependencies:

cd veracode-static-bom
pip install -r requirements.txt

(Optional) Save Veracode API credentials in ~/.veracode/credentials:

[default]
veracode_api_key_id = <YOUR_API_KEY_ID>
veracode_api_key_secret = <YOUR_API_KEY_SECRET>

Run

If you have saved credentials as above you can run:

python vcstaticbom.py (arguments)

Otherwise you will need to set environment variables:

export VERACODE_API_KEY_ID=<YOUR_API_KEY_ID>
export VERACODE_API_KEY_SECRET=<YOUR_API_KEY_SECRET>
python vcstaticbom.py (arguments)

Arguments supported include:

  • --appid, -a (opt): application GUID for which to list a bill of materials.
  • --all, -l (opt): If set, checks all applications.

NOTES

  1. The initial version of the script only reports on modules found in policy scans.
  2. All values are output to vcstaticbom.csv.
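
A preflight check for the two credential sources described under Setup and Run, as an added example that is not part of this repository's code. It assumes POSIX permission bits and treats any group/other access to the credentials file as a problem; it does not determine which source vcstaticbom.py itself prefers, and it never prints the secret.

```python
import configparser
import os
import stat
from pathlib import Path

# Section and key names are the ones shown in the README above.
FILE_KEYS = ("veracode_api_key_id", "veracode_api_key_secret")
ENV_KEYS = ("VERACODE_API_KEY_ID", "VERACODE_API_KEY_SECRET")


def check_credentials_file(path, section="default"):
    """Return a list of problems with the credentials file (empty means OK)."""
    path = Path(path)
    if not path.is_file():
        return [f"{path}: file not found"]
    problems = []
    # Assumption added here: a file holding an API secret should be owner-only.
    mode = stat.S_IMODE(path.stat().st_mode)
    if os.name == "posix" and mode & 0o077:
        problems.append(f"{path}: mode {mode:03o} is too open; run chmod 600")
    parser = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    try:
        parser.read_string(path.read_text(encoding="utf-8"))
    except configparser.Error as exc:
        # Report only the error type: the message can echo a line of the file.
        return problems + [f"{path}: not valid INI ({type(exc).__name__})"]
    if not parser.has_section(section):
        return problems + [f"{path}: missing [{section}] section"]
    for key in FILE_KEYS:
        value = parser.get(section, key, fallback="").strip()
        # An unedited template value such as <YOUR_API_KEY_ID> counts as missing.
        if not value or value.startswith("<"):
            problems.append(f"{path}: {key} is empty or still a placeholder")
    return problems


def check_environment(env=None):
    """Return the required environment variable names that are unset or empty."""
    env = os.environ if env is None else env
    return [name for name in ENV_KEYS if not env.get(name, "").strip()]


if __name__ == "__main__":
    file_problems = check_credentials_file(Path.home() / ".veracode" / "credentials")
    missing_env = check_environment()
    for msg in file_problems + [f"{name} is not set" for name in missing_env]:
        print(msg)
    raise SystemExit(0 if not file_problems or not missing_env else 1)
```

The check exits 0 when at least one of the two sources is complete and clean, so it can gate a CI step before the scan listing runs.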
