diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 00000000..dd84ea78
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.
diff --git a/README.md b/README.md
index eaee2c1b..0532de29 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,11 @@
 # Vulnado - Intentionally Vulnerable Java Application This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.
+Hello.
+Hello Again!
+Hello there!
+me again on branch this time!
+Me again!!
 ## Up and running
diff --git a/veracode.yml b/veracode.yml
new file mode 100644
index 00000000..fc172b7b
--- /dev/null
+++ b/veracode.yml
@@ -0,0 +1,81 @@
+veracode_static_scan:
+ # Please only specify trigger:true for either push event or
+ # pull request event. Specifying both will only execute push event.
+ # Leaving them both false means this will never run
+ push:
+ trigger: true
+ # Please only specify either branches_to_run or branches_to_exclude
+ # Entering both will only execute branches_to_run
+ # Leaving them both blank means this will never run
+ branches_to_run:
+ - '*'
+ branches_to_exclude:
+ pull_request:
+ trigger: true
+ action:
+ - opened
+ - synchronize
+ target_branch:
+ - default_branch
+ # What branch would you like to use for platform analysis
+ # By selecting a branch here - Veracode will save your last scan result
+ # As an App Profile - given the current name of your scanned repo
+ # Use 'none' if you would not like any scans saved to the platform
+ analysis_branch: ENTER_BRANCH_NAME_HERE
+ #If the break_build_policy_findings is set to true, the build will break if the pipeline scan finds any policy violations.
+ break_build_policy_findings: true
+ #If the break_build_on_error is set to true, the build will break if the scan failed to complete in time or with an error.
+ break_build_on_error: false
+ #If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the pipeline scan fails to complete in time or with an error.
+ error_message: "Veracode SAST scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
+ policy: 'Veracode Recommended Medium + SCA'
+ compile_locally: false
+ local_compilation_workflow: na
+ profile: klynch-profile-change
+
+veracode_sca_scan:
+ # Please only specify trigger:true for either push event or
+ # pull request event. Specifying both will only execute push event.
+ # Leaving them both false means this will never run
+ push:
+ trigger: true
+ branches_to_run:
+ - '*'
+ branches_to_exclude:
+ pull_request:
+ trigger: true
+ action:
+ - opened
+ - synchronize
+ target_branch:
+ - default_branch
+ #If the break_build_policy_findings is set to true, the build will break if the SCA scan finds any policy violations.
+ break_build_policy_findings: true
+ #If the break_build_on_error is set to true, the build will break if the scan failed to complete, no libraries found, no build system found or on any other error.
+ break_build_on_error: true
+ #If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the SCA scan fails to complete, no libraries found, no build system found or on any other error.
+ error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
+
+veracode_iac_secrets_scan:
+ # Please only specify trigger:true for either push event or
+ # pull request event. Specifying both will only execute push event.
+ # Leaving them both false means this will never run
+ push:
+ trigger: true
+ branches_to_run:
+ - '*'
+ branches_to_exclude:
+ pull_request:
+ trigger: true
+ action:
+ - opened
+ - synchronize
+ target_branch:
+ - default_branch
+ #If the break_build_policy_findings is set to true, the build will break if the IaC/Secrets scan finds any policy violations.
+ break_build_policy_findings: true
+ #If the break_build_on_error is set to true, the build will break if the scan failed to complete, no libraries found or on any other error.
+ break_build_on_error: true
+ #If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the IaC/Secrets scan fails to complete, no libraries found or on any other error.
+ error_message: "Veracode SCA scan faced a problem. 
Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
+
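Review bot: The `error_message` under `veracode_iac_secrets_scan` (the last value in the hunk) still says "Veracode SCA scan faced a problem", evidently copied from the `veracode_sca_scan` block, so an IaC/Secrets scan error would be reported as an SCA failure and send triage to the wrong place; change it to `error_message: "Veracode IaC/Secrets scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."`. `analysis_branch: ENTER_BRANCH_NAME_HERE` in `veracode_static_scan` is an unfilled template placeholder, and the comment directly above it says either a real branch name or `'none'` is expected, so as committed the platform-side scan history is presumably attached to a branch that does not exist. The static scan sets `break_build_on_error: false` while the SCA and IaC/Secrets sections set it to `true`, which means a SAST scan that fails to complete lets the build pass with no SAST result at all; if that asymmetry is deliberate it deserves a comment, otherwise `break_build_on_error: true` would match the other two sections. `branches_to_exclude:` is left bare in all three sections, which parses as `null`; the file's own comment says blank is acceptable, but `branches_to_exclude: []` would make the intent explicit to YAML tooling.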