Veracode DAST Essentials Action

A GitHub Action for running a Veracode DAST Essentials scan to perform Dynamic Application Security Testing (DAST)
v1.0.2
Verified

GitHub has manually verified the creator of the action as an official partner organization. For more info see About badges in GitHub Marketplace.

Veracode DAST Essentials Action

A GitHub Action for running a Veracode scan to perform Dynamic Application Security Testing (DAST).

Veracode DAST Essentials runs a security scan against the scan target that belongs to the given webhook. You can either simply start the security scan, or optionally wait for it to finish and download the report as a JUnit XML file for further processing.

WARNING: This action will perform attacks on the scan target. You must only run this security scan on targets where you have permission to run such an attack.

Inputs

VERACODE_WEBHOOK

Required Webhook Secret of the Veracode DAST Essentials Scan Target.

VERACODE_SECRET_ID

Required Veracode API Secret ID.

VERACODE_SECRET_ID_KEY

Required Veracode API Secret ID Key.

REGION

Required The region of Veracode DAST Essentials.

  • eu - for domain veracode.eu
  • us - for domain veracode.com

pull-report

Flag whether the report should be downloaded as a JUnit XML file. Default "false".

Example usage

    - name: Veracode DAST Essentials Action Step
      id: veracode
      uses: veracode/[email protected]
      with:
        VERACODE_WEBHOOK: '${{ secrets.VERACODE_WEBHOOK }}'
        VERACODE_SECRET_ID: '${{ secrets.VERACODE_SECRET_ID }}'
        VERACODE_SECRET_ID_KEY: '${{ secrets.VERACODE_SECRET_ID_KEY }}'
        REGION: '${{ secrets.REGION }}'
        pull-report: 'true'

Display Results

To display the test results as annotations, use any action that parses the JUnit XML file, for example https://github.com/marketplace/actions/junit-report.

    - name: Publish Test Report
      uses: mikepenz/action-junit-report@v1
      with:
        report_paths: 'report.xml'
        github_token: ${{ secrets.GITHUB_TOKEN }}
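For further processing beyond annotations, the downloaded report can also gate the job. The script below is an added example, not part of the action or its documentation: it parses a JUnit XML file such as the `report.xml` named above and returns a non-zero status when any test case carries a failure or error. The sample report, its suite and test names, and the function names are constructed, and the layout is assumed to follow the generic JUnit format.

```python
"""Gate a CI job on a JUnit XML report (added example; sample data is constructed)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the generic JUnit layout; a real report's
# suite and test names will differ.
SAMPLE_REPORT = """<testsuites>
  <testsuite name="example-scan" tests="3" failures="1" errors="0">
    <testcase classname="headers" name="Content-Security-Policy present"/>
    <testcase classname="cookies" name="Session cookie has Secure flag">
      <failure message="Secure flag missing">constructed detail text</failure>
    </testcase>
    <testcase classname="tls" name="Certificate valid"/>
  </testsuite>
</testsuites>
"""


def failed_cases(xml_text):
    """Return (suite, classname, name, message) for each failed or errored test case."""
    # A JUnit report needs no DTD; refuse one so entity declarations
    # in a tampered file are never expanded by the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a JUnit report")
    root = ET.fromstring(xml_text)
    findings = []
    # iter() also yields the root itself, so this handles both a
    # <testsuites> wrapper and a bare <testsuite> root.
    for suite in root.iter("testsuite"):
        for case in suite.findall("testcase"):
            for problem in case.findall("failure") + case.findall("error"):
                findings.append((suite.get("name", ""), case.get("classname", ""),
                                 case.get("name", ""), problem.get("message", "")))
    return findings


def gate(xml_text):
    """Print findings and return a process exit code: 0 if clean, 1 otherwise."""
    findings = failed_cases(xml_text)
    for suite, classname, name, message in findings:
        print(f"[{suite}] {classname}: {name} -> {message}")
    return 1 if findings else 0


if __name__ == "__main__":
    # With a path argument, read that file (e.g. report.xml); otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(text))
```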

Veracode DAST Essentials Action is not certified by GitHub. It is provided by a third-party and is governed by separate terms of service, privacy policy, and support documentation.
