From ca632710b179eea8e43909a32c2e49d3bfd0054f Mon Sep 17 00:00:00 2001 From: Santhosh Kesavan Date: Tue, 13 Jan 2026 15:15:34 +0530 Subject: [PATCH 1/3] SDEVX-9687: Enable debug and IAC scan issue --- .gitlab-ci.yml | 2 +- utility/utils.js | 73 +++++++----------------- veracode-scans/iac-scan/iac-scan.js | 6 +- veracode-scans/pipeline-scan/pipeline.js | 11 ++-- veracode-scans/policy-scan/policy.js | 11 ++-- veracode-scans/policy-scan/sandbox.js | 9 +-- veracode-scans/sca-scan/sca-scan.js | 6 +- veracode.yml | 2 + veracodeScan.js | 11 ++-- 9 files changed, 54 insertions(+), 77 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 592acca..143a2a1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -108,7 +108,7 @@ Auto Package: - git -C ${PROJECT_PATH} checkout ${COMMIT_SHA} - cd $(basename -s .git ${CLONE_URL}) - cd ../../ - - ${CLI_FOLDER}/veracode package --source clonePath/* --output $ARTIFACTS_FOLDER --trust --debug + - '[ "$DEBUG" = "true" ] && ${CLI_FOLDER}/veracode package --source clonePath/* --output "$ARTIFACTS_FOLDER" --trust --verbose || ${CLI_FOLDER}/veracode package --source clonePath/* --output "$ARTIFACTS_FOLDER" --trust' <<: *artifacts_template rules: - if: '$EXECUTE_PIPELINE == "true" || $EXECUTE_POLICY == "true" || $EXECUTE_IAC == "true" || $EXECUTE_SANDBOX == "true"' diff --git a/utility/utils.js b/utility/utils.js index e44b285..3f7b0ba 100644 --- a/utility/utils.js +++ b/utility/utils.js @@ -402,12 +402,10 @@ function iacResult(scanResult){ let IaCVulnerabilities = extractIaCVulnerabilities(scanResult); let IaCMisconfigurations = extractIaCMisconfigurations(scanResult); let IaCSecrets = extractIaCSecrets(scanResult); - let IaCPolicyResults = extractIaCPolicyResults(scanResult); output += IaCVulnerabilities; output += IaCMisconfigurations; output += IaCSecrets; - output += IaCPolicyResults; return output; } 
@@ -431,16 +429,17 @@ function extractIaCVulnerabilities(scanResult){ INSTALLED : result.artifact.version, FIXED_IN : result.vulnerability.fix.versions[0] || "N/A", TYPE : result.artifact.type, + MESSAGE : result.vulnerability.description })); formattedVulnerabilities.sort((a, b) => severityRank[b.SEVERITY] - severityRank[a.SEVERITY]); output+= '
\n'+ 'Vulnerability Scan Details\n\n'+ - '| Severity | Name | Vulnerability | Installed | Fixed-In | Type |\n' + - '| -------- | -------- | ------------- | --------- | --------------| ----------- |\n'; + '| Severity | Name | Vulnerability | Installed | Fixed-In | Type | Message |\n' + + '| -------- | -------- | ------------- | --------- | --------------| ----------- | -------------- |\n'; formattedVulnerabilities.forEach((result) => { - output += `| ${result.SEVERITY} | ${result.NAME} | ${result.VULNERABILITY} | ${result.INSTALLED} | ${result["FIXED_IN"]} | ${result.TYPE} |\n`; + output += `| ${result.SEVERITY} | ${result.NAME} | ${result.VULNERABILITY} | ${result.INSTALLED} | ${result["FIXED_IN"]} | ${result.TYPE} | ${result.MESSAGE} |\n`; }); output += '\n
\n'; @@ -449,9 +448,9 @@ function extractIaCVulnerabilities(scanResult){ function extractIaCMisconfigurations(scanResults) { let output = ""; - const Misconfigurations = scanResults?.configs?.Results?.[0]?.Misconfigurations; + const Misconfigurations = scanResults?.configs; - if (!Misconfigurations || Misconfigurations.length === 0) { + if (Misconfigurations.length === 0) { output += "\n
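Review bot: The new `MESSAGE` cell writes `result.vulnerability.description` into the Markdown table row unescaped, in the `output +=` template inside `formattedVulnerabilities.forEach`. Advisory descriptions are free text; a `|` or a line break in one ends the cell or the row, and any markup in it is rendered wherever this report is posted. The `MESSAGE` cells added further down for misconfigurations (`result.Message`) and secrets (`result.Match`) have the same problem. One helper applied to every free-text cell would cover all three, for example `const cell = (v) => String(v ?? '-').replace(/\r?\n/g, ' ').replace(/\|/g, '\\|').replace(/</g, '&lt;');`. The function starts and ends outside this hunk.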
\n"; output += "Misconfiguration Details\n\n"; output += "No Misconfigurations found.\n"; @@ -464,19 +463,21 @@ function extractIaCMisconfigurations(scanResults) { TITLE : result.Title, ID : result.ID, PROVIDER : result.CauseMetadata.Provider, + MESSAGE : result.Message === "No issues found" ? "-" : result.Message })); formattedData.sort((a, b) => severityRank[b.SEVERITY] - severityRank[a.SEVERITY]); output += '\n
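Review bot: `Misconfigurations.length` now throws a TypeError when the scan result has no `configs` key, because the `!Misconfigurations ||` guard was dropped while the lookup above it still uses optional chaining and can yield `undefined`. A scan without a config section would then abort report generation instead of printing "No Misconfigurations found.", and the vulnerability and secrets sections would be lost with it. Defaulting the lookup keeps the shorter condition safe, as `extractIaCSecrets` already does: `const Misconfigurations = scanResults?.configs || [];`. The rest of the function lies outside this hunk.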
\n' + 'Misconfiguration Details\n\n' + - '| SEVERITY | TITLE | ID | PROVIDER |\n' + - '| ------- | -------- | ----- | ---------|\n'; + '| SEVERITY | TITLE | ID | PROVIDER | MESSAGE |\n' + + '| ------- | -------- | ----- | --------- | -------------- |\n'; formattedData.forEach((result) => { output += `| ${result.SEVERITY} ` + `| ${result.TITLE} ` + `| ${result.ID} ` + - `| Line ${result.PROVIDER} |\n`; + `| Line ${result.PROVIDER} `+ + `| ${result.MESSAGE} |\n` }); output += '\n
\n'; @@ -485,9 +486,9 @@ function extractIaCMisconfigurations(scanResults) { function extractIaCSecrets(scanResult){ let output = ""; - const IacSecreteData = scanResult?.secrets?.Results || []; + const IacSecreteData = scanResult?.secrets || []; - if(!IacSecreteData || IacSecreteData.length == 0 ){ + if(IacSecreteData.length == 0){ output += "\n
\n"; output += "Secrets Scan Details\n"; output += "No Secrets found.\n"; @@ -496,59 +497,25 @@ function extractIaCSecrets(scanResult){ } const formattedIacSecret = IacSecreteData.map((result) => ({ - SEVERITY : result.Secrets[0].Severity, - SECRET_TYPE : result.Secrets[0].Title, - FILE : result.Target + SEVERITY : result.Severity, + SECRET_TYPE : result.Title, + FILE : result.Target, + MESSAGE : result.Match })); formattedIacSecret.sort((a, b) => severityRank[b.SEVERITY] - severityRank[a.SEVERITY]); output+= '
\n'+ 'Secrets Scan Details\n\n'+ - '| Severity | SECRET_TYPE | FILE |\n' + - '| -------- | ----------- | -------------|\n'; + '| Severity | SECRET_TYPE | FILE | MESSAGE |\n' + + '| -------- | ----------- | ------------- | ----------------- |\n'; formattedIacSecret.forEach((result) => { - output += `| ${result.SEVERITY} | ${result.SECRET_TYPE} | ${result.FILE} |\n`; + output += `| ${result.SEVERITY} | ${result.SECRET_TYPE} | ${result.FILE} | ${result.MESSAGE} |\n`; }); output += '\n
\n'; return output; } -function extractIaCPolicyResults(scanResult){ - let output = ""; - const IacPolicyResult = scanResult?.["policy-results"][0]?.failures || []; - - if(!IacPolicyResult|| IacPolicyResult.length == 0 ){ - output += "
\n"; - output += "Policy Evaluation Details\n"; - output += "No Policy found.\n"; - output += "
\n"; - return output; - } - - const formattedIacPolicyResult = IacPolicyResult.map((result) => { - const severityMatch = result.msg.match(/Found (Critical|High|Medium|Low|Very_low|Informational)/); - const ghsaMatch = result.msg.match(/GHSA-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}/); - return { - SEVERITY : severityMatch ? severityMatch[1] : "Unknown", - VULNERABILITY : ghsaMatch ? ghsaMatch[0] : "Unknown", - MESSAGE : result.msg // Or extract this from the message if it varies - }; - }); - formattedIacPolicyResult.sort((a, b) => severityRank[b.SEVERITY] - severityRank[a.SEVERITY]); - - output+= '
\n'+ - 'Policy Evaluation Details\n\n'+ - '| SEVERITY | VULNERABILITY | MESSAGE |\n' + - '| -------- | ----------- | -------------|\n'; - formattedIacPolicyResult.forEach((result) => { - output += `| ${result.SEVERITY} | ${result.VULNERABILITY} | ${result.MESSAGE} |\n`; - }); - output += '\n
'; - - return output; -} - module.exports = { processStaticResultsXML, attacheResult, diff --git a/veracode-scans/iac-scan/iac-scan.js b/veracode-scans/iac-scan/iac-scan.js index 700f959..6f4bad1 100644 --- a/veracode-scans/iac-scan/iac-scan.js +++ b/veracode-scans/iac-scan/iac-scan.js @@ -4,7 +4,7 @@ const { exitOnFailure, updateErrorMessage, uploadArtifact } = require('../../uti const execa = require('execa'); const displayScanResult = require('../../displayScanResult'); -async function iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage) { +async function iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage, debug) { const veracodeDir = path.dirname(require.main.filename); const veracodeCliPath = path.resolve(veracodeDir, 'veracode-cli'); const veracodeExecutable = path.join(veracodeCliPath, 'veracode'); @@ -28,7 +28,7 @@ async function iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, use '--type', 'directory', '--format', 'json', '--output', 'results.json', - '--verbose' + ...(debug === "true" ? ['--verbose'] : []) ], { reject: false, @@ -47,7 +47,7 @@ async function iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, use '--type', 'directory', '--format', 'table', '--output', 'results.txt', - '--verbose' + ...(debug === "true" ? ['--verbose'] : []) ], { reject: false, diff --git a/veracode-scans/pipeline-scan/pipeline.js b/veracode-scans/pipeline-scan/pipeline.js index 096f9a7..ad673ff 100644 --- a/veracode-scans/pipeline-scan/pipeline.js +++ b/veracode-scans/pipeline-scan/pipeline.js 
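Review bot: `MESSAGE : result.Match` copies the text the secrets scanner matched into the report table, so the rendered report can carry the secret itself or enough of the surrounding line to recover it. Whether `Match` arrives already masked depends on the scanner's output format, which is not visible here; unless that is guaranteed, the report should not repeat it. Severity, secret type and file are enough to locate the finding, so either drop the column or emit a fixed marker, e.g. `MESSAGE : result.Match ? "[redacted]" : "-"`.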
@@ -9,7 +9,7 @@ const pipelineScanIssue = require('../../veracode-issues/pipelineScanIssue'); const displayScanResult = require('../../displayScanResult'); const { execSync } = require('child_process'); -async function pipelineScan(apiId, apiKey, appProfileName, filterMitigatedFlaws, breakBuildOnFinding, breakBuildOnError, userErrorMessage, policyName, breakBuildOnInvalidPolicy, createIssue) { +async function pipelineScan(apiId, apiKey, appProfileName, filterMitigatedFlaws, breakBuildOnFinding, breakBuildOnError, userErrorMessage, policyName, breakBuildOnInvalidPolicy, createIssue, debug) { const veracodeArtifactsDir = path.join(__dirname, '../../veracode-artifacts'); try { @@ -30,7 +30,7 @@ async function pipelineScan(apiId, apiKey, appProfileName, filterMitigatedFlaws, const artifacts = await fs.promises.readdir(veracodeArtifactsDir); const scanResults = await Promise.all( artifacts.map((artifact) => - executePipelineScan(veracodeArtifactsDir, artifact, apiId, apiKey) + executePipelineScan(veracodeArtifactsDir, artifact, apiId, apiKey, debug) ) ); 
@@ -122,15 +122,16 @@ async function pipelineScan(apiId, apiKey, appProfileName, filterMitigatedFlaws, } } -async function executePipelineScan(veracodeArtifactsDir, artifactName, apiId, apiKey) { +async function executePipelineScan(veracodeArtifactsDir, artifactName, apiId, apiKey, debug) { const pipelineResultFileName = `${artifactName}-` + appConfig().pipelineScanFile; const filteredResultFileName = `${artifactName}-` + appConfig().filteredScanFile; try { const artifactFilePath = path.join(veracodeArtifactsDir, artifactName); const pipelineScanJarPath = path.join(__dirname, 'pipeline-scan.jar'); - const pipelineScanCommand = `java -jar ${pipelineScanJarPath} -vid ${apiId} -vkey ${apiKey} -f ${artifactFilePath} -jf ${pipelineResultFileName} -fjf ${filteredResultFileName}`; - + let pipelineScanCommand = `java -jar ${pipelineScanJarPath} -vid ${apiId} -vkey ${apiKey} -f ${artifactFilePath} -jf ${pipelineResultFileName} -fjf ${filteredResultFileName}`; + if(debug === "true") + pipelineScanCommand += ' -V true'; execSync(pipelineScanCommand, { stdio: 'inherit' }); return { artifact: artifactName, success: true, results: [] }; } catch (error) { diff --git a/veracode-scans/policy-scan/policy.js b/veracode-scans/policy-scan/policy.js index bb7a1b0..124f539 100644 --- a/veracode-scans/policy-scan/policy.js +++ b/veracode-scans/policy-scan/policy.js 
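Review bot: `pipelineScanCommand` is still one shell string run through `execSync`, so `artifactName` (which comes from `readdir` of the artifacts directory), `apiId` and `apiKey` are all parsed by a shell. A packaged file name containing spaces or shell metacharacters changes the command that runs, in a process that holds the API credentials. Since the command is now built conditionally anyway, an argument array passed to `execFileSync` is the safer form and matches the `execa('java', args)` calls in `policy.js` and `sandbox.js`; it needs `execFileSync` added to the existing `child_process` require. The credentials stay visible in the process argument list either way, and the `try` block continues outside the hunk.

```javascript
const pipelineScanJarPath = path.join(__dirname, 'pipeline-scan.jar');
// Each value is passed as its own argv entry; no shell parses them.
const pipelineScanArgs = [
  '-jar', pipelineScanJarPath,
  '-vid', apiId,
  '-vkey', apiKey,
  '-f', artifactFilePath,
  '-jf', pipelineResultFileName,
  '-fjf', filteredResultFileName,
  ...(debug === "true" ? ['-V', 'true'] : [])
];
execFileSync('java', pipelineScanArgs, { stdio: 'inherit' });
// … unchanged: return value and catch block …
```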
@@ -9,7 +9,7 @@ const policyScanIssue = require('../../veracode-issues/policyScanIssue'); const displayScanResult = require('../../displayScanResult'); const exitStatus = true; -async function policyScan(apiId, apiKey, appName, buildId, policyName, teams, createprofile, breakBuildOnFinding, breakBuildOnError, userErrorMessage, breakBuildOnInvalidPolicy, createIssue, repoUrl) { +async function policyScan(apiId, apiKey, appName, buildId, policyName, teams, createprofile, breakBuildOnFinding, breakBuildOnError, userErrorMessage, breakBuildOnInvalidPolicy, createIssue, repoUrl, debug) { try { const invalidPolicy = await veracodePolicyVerification(apiId, apiKey, policyName, breakBuildOnInvalidPolicy); if (invalidPolicy) { @@ -29,7 +29,7 @@ async function policyScan(apiId, apiKey, appName, buildId, policyName, teams, cr } try { - const result = await triggerPolicyScan(apiId, apiKey, policyResult, resApp, veracodeArtifactsDir, buildId, breakBuildOnError, userErrorMessage, createIssue); + const result = await triggerPolicyScan(apiId, apiKey, policyResult, resApp, veracodeArtifactsDir, buildId, breakBuildOnError, userErrorMessage, createIssue, debug); if (result.status === STATUS.Findings) { exitOnFailure(breakBuildOnFinding); } 
@@ -48,10 +48,12 @@ async function policyScan(apiId, apiKey, appName, buildId, policyName, teams, cr } } -async function triggerPolicyScan(apiId, apiKey, policyResult, resApp, artifactFilePath, buildId, breakBuildOnError, userErrorMessage, createIssue) { +async function triggerPolicyScan(apiId, apiKey, policyResult, resApp, artifactFilePath, buildId, breakBuildOnError, userErrorMessage, createIssue, debug) { console.log(`Veracode: Policy scan executing...`); // let policyScanCommand = `java -jar ${__dirname}/api-wrapper-LATEST/VeracodeJavaAPI.jar -action UploadAndScanByAppId -vid ${apiId} -vkey ${apiKey} -appid ${resApp?.appId} -filepath ${artifactFilePath} -version "${buildId}" -scanpollinginterval 30 - include -autoscan false -scanallnonfataltoplevelmodules false`; let debugCommand = `java -jar ${__dirname}/api-wrapper-LATEST/VeracodeJavaAPI.jar -action UploadAndScanByAppId -vid *** -vkey *** -appid ${resApp?.appId} -filepath ${artifactFilePath} -version "${buildId}" -scanpollinginterval 30 - include -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -deleteincompletescan 2`; + if(debug === "true") + debugCommand += ' -debug true'; let scan_id = ''; try { console.log(`Command to execute the policy scan : ${debugCommand}`); @@ -68,7 +70,8 @@ async function triggerPolicyScan(apiId, apiKey, policyResult, resApp, artifactFi '-autoscan', 'true', '-scanallnonfataltoplevelmodules', 'true', '-includenewmodules', 'true', - '-deleteincompletescan', '2' + '-deleteincompletescan', '2', + ...(debug === "true" ? ['-debug', 'true'] : []) ]; const { stdout } = await execa('java', args); diff --git a/veracode-scans/policy-scan/sandbox.js b/veracode-scans/policy-scan/sandbox.js index 6a5cbf5..eb58943 100644 --- a/veracode-scans/policy-scan/sandbox.js +++ b/veracode-scans/policy-scan/sandbox.js 
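Review bot: The logged `debugCommand` string and the real `args` array are maintained by hand in parallel, so this change has to add `-debug true` in two places (here and in the `args` hunk below). The string already contains a stray `- include` token, which suggests the two have drifted, and a log line that misreports the executed command makes a debug run harder to trust. Deriving the log line from `args` after it is built keeps them identical while preserving the credential masking, e.g. `const debugCommand = 'java ' + args.map((a, i) => ['-vid', '-vkey'].includes(args[i - 1]) ? '***' : a).join(' ');`, assuming `args` carries `-vid`/`-vkey` entries as the commented-out command does. The function body continues outside both hunks.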
@@ -5,7 +5,7 @@ const { getVeracodeApplication, veracodePolicyVerification } = require('../../ut const execa = require('execa'); const { exitOnFailure } = require('../../utility/utils'); -async function sandboxScan(apiId, apiKey, sourceBranch, policyName, teams, createprofile, buildId, appName, breakBuildOnInvalidPolicy, repoUrl) { +async function sandboxScan(apiId, apiKey, sourceBranch, policyName, teams, createprofile, buildId, appName, breakBuildOnInvalidPolicy, repoUrl, debug) { let resApp; try { const invalidPolicy = await veracodePolicyVerification(apiId, apiKey, policyName, breakBuildOnInvalidPolicy); @@ -32,14 +32,14 @@ async function sandboxScan(apiId, apiKey, sourceBranch, policyName, teams, creat } try { - triggerSandboxScan(apiId, apiKey, resApp, veracodeArtifactsDir, sourceBranch, buildId); + triggerSandboxScan(apiId, apiKey, resApp, veracodeArtifactsDir, sourceBranch, buildId, debug); } catch (error) { console.log(`Error while executing sandbox scan on ${sourceBranch} branch: `, error); return; } } -async function triggerSandboxScan(apiId, apiKey, resApp, artifactFilePath, sourceBranch, buildId) { +async function triggerSandboxScan(apiId, apiKey, resApp, artifactFilePath, sourceBranch, buildId, debug) { const sandboxName = `${veracodeConfig().sandboxScanName}${sourceBranch}`; const args = [ '-jar', `${__dirname}/api-wrapper-LATEST/VeracodeJavaAPI.jar`, @@ -56,7 +56,8 @@ async function triggerSandboxScan(apiId, apiKey, resApp, artifactFilePath, sourc '-autoscan', 'true', '-scanallnonfataltoplevelmodules', 'true', '-includenewmodules', 'true', - '-deleteincompletescan', '2' + '-deleteincompletescan', '2', + ...(debug === "true" ? ['-debug', 'true'] : []) ]; try { diff --git a/veracode-scans/sca-scan/sca-scan.js b/veracode-scans/sca-scan/sca-scan.js index d1ce28f..2948e99 100644 --- a/veracode-scans/sca-scan/sca-scan.js +++ b/veracode-scans/sca-scan/sca-scan.js 
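Review bot: `triggerSandboxScan(...)` is an `async` function called without `await`, so the `try/catch` around it in `sandboxScan` cannot observe a rejection and `sandboxScan` resolves before the upload has finished. Any failure that `triggerSandboxScan` does not handle internally becomes an unhandled rejection instead of reaching the "Error while executing sandbox scan" log. If fire-and-forget is not intended, the line should read `await triggerSandboxScan(apiId, apiKey, resApp, veracodeArtifactsDir, sourceBranch, buildId, debug);`. The `sandboxScan(...)` call in `veracodeScan.js` is likewise the only scan call there without `await`. Both function bodies continue outside the hunks shown.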
@@ -4,9 +4,11 @@ const { attacheResult, exitOnFailure, updateErrorMessage } = require('../../util const scaScanIssue = require('../../veracode-issues/scaScanIssue'); const displayScanResult = require('../../displayScanResult'); -async function scaScan(clone_url, scaAgenToken, scaUrl, sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage, createIssue) { +async function scaScan(clone_url, scaAgenToken, scaUrl, sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage, createIssue, debug) { try { - const command = `curl -sSL https://download.sourceclear.com/ci.sh | sh -s -- scan --url ${clone_url} --ref ${sourceBranch} --recursive --allow-dirty`; + let command = `curl -sSL https://download.sourceclear.com/ci.sh | sh -s -- scan --url ${clone_url} --ref ${sourceBranch} --recursive --allow-dirty`; + if(debug === "true") + command += ' --debug'; const output = execSync(command, { encoding: 'utf-8', env: { ...process.env, SRCCLR_API_TOKEN: scaAgenToken, SRCCLR_API_URL: scaUrl }, maxBuffer: 1024 * 1024 * 10 }); const jsonCommand = `curl -sSL https://download.sourceclear.com/ci.sh | sh -s -- scan --url ${clone_url} --ref ${sourceBranch} --json=scaScan.json --recursive --allow-dirty`; const jsonOutput = execSync(jsonCommand, { encoding: 'utf-8', env: { ...process.env, SRCCLR_API_TOKEN: scaAgenToken, SRCCLR_API_URL: scaUrl }, maxBuffer: 1024 * 1024 * 10 }); diff --git a/veracode.yml b/veracode.yml index 1cfc039..3c64803 100644 --- a/veracode.yml +++ b/veracode.yml @@ -1,3 +1,5 @@ +debug: + false veracode_static_scan: push: trigger: true diff --git a/veracodeScan.js b/veracodeScan.js index 8d65e65..615fe36 100644 --- a/veracodeScan.js +++ b/veracodeScan.js 
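Review bot: `clone_url` and `sourceBranch` are interpolated into a string that `execSync` hands to a shell, and a branch name is chosen by whoever pushes the branch. A ref containing shell metacharacters would be interpreted by the shell in a process whose environment holds `SRCCLR_API_TOKEN`. Passing both values through `env` and referencing them quoted keeps them out of the parsed command text, e.g. `--url "$SCAN_URL" --ref "$SCAN_REF"` with `SCAN_URL: clone_url, SCAN_REF: sourceBranch` added to the `env` object (variable names are illustrative); `jsonCommand` needs the same treatment. Separately, `--debug` is appended only to `command` and not to `jsonCommand`, which deserves a one-line comment if it is deliberate.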
@@ -35,18 +35,19 @@ async function veracodeScan() { const breakBuildOnInvalidPolicy = process.env.BREAK_BUILD_ON_INVALID_POLICY || false; const repoUrl = process.env.PROJECT_URL; + const debug = process.env.DEBUG; if (executePipeline) { console.log(`Executing pipeline scan on ${projectName} repo for ${sourceBranch} branch`); - await pipelineScan(apiId, appKey, appProfileName, filterMitigatedFlaws, breakBuildOnFinding, breakBuildOnError, userErrorMessage, policyName, breakBuildOnInvalidPolicy, createIssue); + await pipelineScan(apiId, appKey, appProfileName, filterMitigatedFlaws, breakBuildOnFinding, breakBuildOnError, userErrorMessage, policyName, breakBuildOnInvalidPolicy, createIssue, debug); } if (executeSandbox) { console.log(`Executing sandbox scan on ${projectName} repo for ${sourceBranch} branch`); - sandboxScan(apiId, appKey, sourceBranch, policyName, '', createProfile, ciPipelineId, appProfileName, breakBuildOnInvalidPolicy, repoUrl) + sandboxScan(apiId, appKey, sourceBranch, policyName, '', createProfile, ciPipelineId, appProfileName, breakBuildOnInvalidPolicy, repoUrl, debug) } if (executePolicy) { console.log(`Executing policy scan on ${projectName} repo for ${sourceBranch} branch`); - await policyScan(apiId, appKey, appProfileName, ciPipelineId, policyName, '', createProfile, breakBuildOnFinding, breakBuildOnError, userErrorMessage, breakBuildOnInvalidPolicy, createIssue, repoUrl); + await policyScan(apiId, appKey, appProfileName, ciPipelineId, policyName, '', createProfile, breakBuildOnFinding, breakBuildOnError, userErrorMessage, breakBuildOnInvalidPolicy, createIssue, repoUrl, debug); } if (executeRemoveSandbox) { console.log(`Executing removed sandbox scan on ${projectName} repo for ${sourceBranch} branch`); 
@@ -54,11 +55,11 @@ async function veracodeScan() { } if (executeSca) { console.log(`Executing sca scan on ${projectName} repo for ${sourceBranch} branch`); - await scaScan(sourceRepoCloneUrl, scaAgenToken, scaUrl, sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage, createIssue); + await scaScan(sourceRepoCloneUrl, scaAgenToken, scaUrl, sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage, createIssue, debug); } if (executeIac) { console.log(`Executing iac scan on ${projectName} repo for ${sourceBranch} branch`); - await iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage) + await iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, userErrorMessage, debug) } } veracodeScan(); From ae8d751c658a66aa98417f1d8658a1d8fd2fcc3f Mon Sep 17 00:00:00 2001 From: Santhosh Kesavan Date: Thu, 15 Jan 2026 11:01:29 +0530 Subject: [PATCH 2/3] iac debug log changes and review comments --- .gitlab-ci.yml | 7 ++++++- veracode-scans/iac-scan/iac-scan.js | 2 ++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 143a2a1..e76efda 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -108,7 +108,12 @@ Auto Package: - git -C ${PROJECT_PATH} checkout ${COMMIT_SHA} - cd $(basename -s .git ${CLONE_URL}) - cd ../../ - - '[ "$DEBUG" = "true" ] && ${CLI_FOLDER}/veracode package --source clonePath/* --output "$ARTIFACTS_FOLDER" --trust --verbose || ${CLI_FOLDER}/veracode package --source clonePath/* --output "$ARTIFACTS_FOLDER" --trust' + - | + if [ "$DEBUG" = "true" ]; then + ${CLI_FOLDER}/veracode package --source clonePath/* --output "$ARTIFACTS_FOLDER" --trust --verbose + else + ${CLI_FOLDER}/veracode package --source clonePath/* --output "$ARTIFACTS_FOLDER" --trust + fi <<: *artifacts_template rules: - if: '$EXECUTE_PIPELINE == "true" || $EXECUTE_POLICY == "true" || $EXECUTE_IAC == "true" || $EXECUTE_SANDBOX == "true"' 
diff --git a/veracode-scans/iac-scan/iac-scan.js b/veracode-scans/iac-scan/iac-scan.js index 6f4bad1..a2806e5 100644 --- a/veracode-scans/iac-scan/iac-scan.js +++ b/veracode-scans/iac-scan/iac-scan.js @@ -51,6 +51,8 @@ async function iacScan(sourceBranch, breakBuildOnFinding, breakBuildOnError, use ], { reject: false, + stderr: 'inherit', + stdout: 'inherit', env: { VERACODE_API_KEY_ID: process.env.VERACODE_API_ID, VERACODE_API_KEY_SECRET: process.env.VERACODE_API_KEY From 82f0623be5c40c3d515d75539c3a69819c5e7776 Mon Sep 17 00:00:00 2001 From: Santhosh Kesavan Date: Mon, 19 Jan 2026 16:57:43 +0530 Subject: [PATCH 3/3] removed the build step for IAC scan --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e76efda..da08cdf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -116,7 +116,7 @@ Auto Package: fi <<: *artifacts_template rules: - - if: '$EXECUTE_PIPELINE == "true" || $EXECUTE_POLICY == "true" || $EXECUTE_IAC == "true" || $EXECUTE_SANDBOX == "true"' + - if: '$EXECUTE_PIPELINE == "true" || $EXECUTE_POLICY == "true" || $EXECUTE_SANDBOX == "true"' when: always .veracode_scan: &veracode_scan
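Review bot: `stderr: 'inherit'` and `stdout: 'inherit'` are added unconditionally, although the commit is about debug logging and the `--verbose` flag for this same call was gated on `debug === "true"` in the previous patch. With inherited streams execa no longer captures output, so any later read of this call's `stdout` or `stderr` (not visible in the hunk) would get `undefined`, and everything the CLI prints for the table-format scan lands in the job log on every run. Gating it the same way keeps normal runs quiet: `...(debug === "true" ? { stdout: 'inherit', stderr: 'inherit' } : {}),`. The options object and the rest of `iacScan` continue outside the hunk.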