Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
- package-ecosystem: "" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "weekly"
125 changes: 125 additions & 0 deletions .github/workflows/Com traducao.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,125 @@
name: Resultados_PTBR
on:
push:
branches: [ master ]
workflow_dispatch:
jobs:
Download_Wrapper:
runs-on: ubuntu-latest
steps:
- name: Veracode Pipeline Scan
run: |
curl -sSO https://tools.veracode.com/integrations/API-Wrappers/C%23/bin/VeracodeC%23API.zip
unzip VeracodeC%23API.zip
- name: Publicando Artefato
uses: actions/upload-artifact@v2
with:
name: WrapperVeracode
path: VeracodeC#API.exe

Download_XML:
runs-on: windows-latest
needs: Download_Wrapper
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: WrapperVeracode
- name: Download XML
env:
veracodeID: ${{ secrets.VID }}
veracodeAPIkey: ${{ secrets.VKEY }}
run: |
# Recebe as infos
[xml]$INFO = $(.\VeracodeC#API.exe -vid "$veracodeID" -vkey "$veracodeAPIkey" -action GetAppList | Select-String -Pattern 'Github Actions - IGDEXE/NodeGoat-JS')
$appID = $INFO.app.app_id
[string]$INFO = .\VeracodeC#API.exe -vid $veracodeID -vkey $veracodeAPIkey -action GetAppBuilds -appid "$appID"
[xml]$INFO = $INFO.Replace(' xmlns=', ' _xmlns=')
$buildINFO = $INFO.SelectSingleNode("//application[@app_id='$appId']")
$buildID = $buildINFO.build.build_id
# Gera o relatorio
$out = .\VeracodeC#API.exe -vid $veracodeID -vkey $veracodeAPIkey -action detailedreport -buildid "$buildID" -outputfilepath "${{ github.run_id }}.xml"
- name: Publicando Artefato
uses: actions/upload-artifact@v2
with:
name: WrapperVeracode
path: ${{ github.run_id }}.xml

Resultados:
runs-on: windows-latest
needs: Download_XML
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode

- name: Resultado do Scan
run: |
function Traduzir {
param (
[parameter(position=0,Mandatory=$True)]
$texto,
[parameter(position=1)]
$idiomaAlvo = "pt"
)

# Utiliza a API do Google para traduzir
Try {
$Uri = “https://translate.googleapis.com/translate_a/single?client=gtx&sl=auto&tl=$($idiomaAlvo)&dt=t&q=$texto”
$Response = Invoke-RestMethod -Uri $Uri -Method Get
# Retorna o valor traduzido
$traducao = $Response[0].SyncRoot | foreach { $_[0] }
return $traducao
}
Catch {
# Recebe o erro
$ErrorMessage = $_.Exception.Message # Recebe o erro
# Exibe a mensagem de erro
Write-Host "Erro ao traduzir"
Write-host $ErrorMessage
}
}

# Recebendo informacoes
$securityINFO = [xml](Get-Content "${{ github.run_id }}.xml")
$notaLetra = $securityINFO.detailedreport.'static-analysis'.rating
$notaScore = $securityINFO.detailedreport.'static-analysis'.score
$veracodeAppName = $securityINFO.detailedreport.app_name
$numeroVersao = $securityINFO.detailedreport.version
$appID = $securityINFO.detailedreport.app_id
$quemEnviou = $securityINFO.detailedreport.submitter
$politica = $securityINFO.detailedreport.policy_name
$complicanceStatus = $securityINFO.detailedreport.policy_compliance_status
# Exibe os resultados
Write-Host "Resultado do Scan: $numeroVersao"
Write-Host "Nome App: $veracodeAppName - App ID: $appID"
Write-Host "Enviado por: $quemEnviou"
Write-Host "Politica: $politica"
Write-Host "Nota: $notaLetra - Score: $notaScore - Resultado: $complicanceStatus"
Write-Host "Lista dos problemas encontrados:"
# Recebe os leveis e reordena
$levels = $securityINFO.detailedreport.severity.level
[array]::Reverse($levels)
foreach ($level in $levels) {
Write-Host "Prioridade: $level"
# Recebe as informações
$itensCategoria = $securityINFO.detailedreport.severity[$level].category
foreach ($item in $itensCategoria) {
$idCWE = $item.cwe.cweid
$nomeCategoria = $item.categoryname
$descricao = $item.desc.para.text
$recomendacoes = $item.recommendations.para.text
# Faz a tradução
$descricao = Traduzir $descricao
$recomendacoes = Traduzir $recomendacoes
# Exibe o resultado
Write-Host "Categoria: $nomeCategoria - ID CWE: $idCWE"
Write-Host "Descrição: $descricao"
Write-Host " "
Write-Host "Remediação: $recomendacoes"
Write-Host " "
Write-Host " "
}
Write-Host "..."
}
71 changes: 71 additions & 0 deletions .github/workflows/Comparativo.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
name: Comparativo
on:
push:
branches: [ master ]
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Empacotamento dos arquivos
uses: thedoctor0/zip-release@master
with:
filename: 'veracode.zip'
path: .
- name: Publicando Artefato
uses: actions/upload-artifact@v2
with:
name: pacoteVeracode
path: veracode.zip

Veracode_SCA:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Veracode SCA
env:
SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
run: |
curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --allow-dirty

Veracode_SAST:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode
- uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
env:
VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
VKEY: ${{ secrets.VKEY }}
AppName: Github Actions - ${{ github.repository }}
with:
vid: '$VID'
vkey: '$VKEY'
criticality: 'VeryHigh'
appname: '$AppName'
scanpollinginterval: 30
scantimeout: 45
filepath: 'veracode.zip'
version: ${{ github.run_id }}

Veracode_PipelineScan:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode
- name: Veracode Pipeline Scan
env:
VID: ${{ secrets.VID }} # Lembrar de criar as credenciais no Secrets
VKEY: ${{ secrets.VKEY }}
CaminhoArquivo: './veracode.zip'
run: |
curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
unzip pipeline-scan-LATEST.zip
java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
59 changes: 0 additions & 59 deletions .github/workflows/Default.yml

This file was deleted.

6 changes: 0 additions & 6 deletions .github/workflows/PipelineIdeal.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v2
with:
node-version: '12.x'
- name: Install dependencies
run: npm install
- name: Empacotamento dos arquivos
uses: thedoctor0/zip-release@master
with:
Expand Down
104 changes: 104 additions & 0 deletions .github/workflows/Veracode-Expert.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,104 @@
name: Veracode_Expert
on:
push:
branches: [ master ]
workflow_dispatch:

jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Empacotamento dos arquivos
uses: thedoctor0/zip-release@master
with:
filename: 'veracode.zip'
path: .
- name: Publicando Artefato
uses: actions/upload-artifact@v2
with:
name: pacoteVeracode
path: veracode.zip

Veracode_SCA:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Veracode SCA
env:
SRCCLR_API_TOKEN: ${{ secrets.SCA }} # Lembrar de criar as credenciais no Secrets
run: |
curl -sSL 'https://download.sourceclear.com/ci.sh' | bash -s – scan --update-advisor --pull-request --allow-dirty

Veracode-container_iac_secrets-scan:
runs-on: ubuntu-latest
name: Veracode Container/IaC/Secrets

steps:
- name: checkout
uses: actions/checkout@v3

- name: Verracode Container/IaC/Secrets action step
uses: veracode/container_iac_secrets_scanning@v1.0.0
with:
vid: ${{ secrets.VeracodeID }}
vkey: ${{ secrets.VeracodeKey }}
command: "scan"
type: "directory"
source: "./"
format: "json"
debug: false
fail_build: true

Veracode_UploadAndScan:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode
- uses: veracode/veracode-uploadandscan-action@master # Faz a analise da Veracode
env:
VeracodeID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
VeracodeKey: ${{ secrets.VeracodeKey }}
AppName: Github Actions - ${{ github.repository }}
with:
vid: '$VeracodeID'
vkey: '$VeracodeKey'
criticality: 'VeryHigh'
appname: '$AppName'
createsandbox: true
filepath: 'veracode.zip'
deleteIncompleteScan: false
version: ${{ github.run_id }}

Veracode_PipelineScan:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download Artefato
uses: actions/download-artifact@v2
with:
name: pacoteVeracode
- name: Veracode Pipeline Scan
continue-on-error: true
env:
VID: ${{ secrets.VeracodeID }} # Lembrar de criar as credenciais no Secrets
VKEY: ${{ secrets.VeracodeKey }}
CaminhoArquivo: './veracode.zip'
run: |
curl -sSO https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip
unzip pipeline-scan-LATEST.zip
java -jar pipeline-scan.jar -vid $VID -vkey $VKEY -f $CaminhoArquivo --issue_details true
- name: Converte para o formato SARIF
id: convert
uses: Veracode/veracode-pipeline-scan-results-to-sarif@v1.0.5
with:
pipeline-results-json: results.json
output-results-sarif: veracode-results.sarif
finding-rule-level: "3:1:0"
- name: Publica os resultados
uses: github/codeql-action/upload-sarif@v2
with: # Path to SARIF file relative to the root of the repository
sarif_file: veracode-results.sarif
Loading