From 6f189c081ef34c7afb5a4874250eae4a51127730 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Mon, 5 Feb 2024 12:34:15 -0500 Subject: [PATCH 1/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index eaee2c1b..533e8d19 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # Vulnado - Intentionally Vulnerable Java Application This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. +Hello. ## Up and running From 146c5eee960dd057f11f24da8d48de58a4648515 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Mon, 5 Feb 2024 12:57:25 -0500 Subject: [PATCH 2/9] Update issue templates --- .github/ISSUE_TEMPLATE/bug_report.md | 38 ++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 00000000..dd84ea78 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md 
@@ -0,0 +1,38 @@ +--- +name: Bug report +about: Create a report to help us improve +title: '' +labels: '' +assignees: '' + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Desktop (please complete the following information):** + - OS: [e.g. iOS] + - Browser [e.g. chrome, safari] + - Version [e.g. 22] + +**Smartphone (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. From c4790cf964ac5d349680d43887c7c2d2f3146180 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Fri, 26 Apr 2024 11:46:24 -0400 Subject: [PATCH 3/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 533e8d19..2146fad1 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. Hello. +Hello Again! ## Up and running From 370d436c8e7f7cd3828e907de75520f26b60d8c9 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Fri, 26 Apr 2024 12:24:38 -0400 Subject: [PATCH 4/9] Update README.md hello there! --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2146fad1..b0dd6a7a 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. Hello. Hello Again! +Hello there! ## Up and running 
From e3d2c4c3ace98057e0077f63364c13b687ef8617 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Fri, 26 Apr 2024 13:23:48 -0400 Subject: [PATCH 5/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2146fad1..7de023c1 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them. Hello. Hello Again! +Me again!! ## Up and running From 9dc4fd66eb7d88dee950e193a3a821cd3923ef26 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Fri, 26 Apr 2024 13:25:47 -0400 Subject: [PATCH 6/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b0dd6a7a..36a1d67d 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,7 @@ This application and exercises will take you through some of the OWASP top 10 Vu Hello. Hello Again! Hello there! +me again on branch this time! ## Up and running From 6f0178a8e0a0b780a3778229ce0f67518c9dbe67 Mon Sep 17 00:00:00 2001 From: Karen Lynch <22330747+karenlynch@users.noreply.github.com> Date: Fri, 26 Apr 2024 13:28:14 -0400 Subject: [PATCH 7/9] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 36a1d67d..ec2968ad 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,7 @@ Hello. Hello Again! Hello there! me again on branch this time! +I'm boring Jake! ## Up and running From 0b7e165c05ca3a513527f15ad958cd1a252cdef1 Mon Sep 17 00:00:00 2001 From: Karen Lynch Date: Fri, 3 May 2024 19:28:32 +0100 Subject: [PATCH 8/9] test --- veracode.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 veracode.yml diff --git a/veracode.yml b/veracode.yml new file mode 100644 index 00000000..69f1854e --- /dev/null +++ b/veracode.yml @@ -0,0 +1 @@ +profile: karen_test_profile 
From 1aeaffdf7805887ff4f0310799ada28d52ab18e6 Mon Sep 17 00:00:00 2001 From: Karen Lynch Date: Fri, 3 May 2024 19:43:26 +0100 Subject: [PATCH 9/9] update yml --- veracode.yml | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) diff --git a/veracode.yml b/veracode.yml index 69f1854e..fc172b7b 100644 --- a/veracode.yml +++ b/veracode.yml 
@@ -1 +1,81 @@
-profile: karen_test_profile
+veracode_static_scan:
+  # Please only specify trigger:true for either push event or
+  # pull request event. Specifying both will only execute push event.
+  # Leaving them both false means this will never run
+  push:
+    trigger: true
+    # Please only specify either branches_to_run or branches_to_exclude
+    # Entering both will only execute branches_to_run
+    # Leaving them both blank means this will never run
+    branches_to_run:
+      - '*'
+    branches_to_exclude:
+  pull_request:
+    trigger: true
+    action:
+      - opened
+      - synchronize
+    target_branch:
+      - default_branch
+  # What branch would you like to use for platform analysis
+  # By selecting a branch here - Veracode will save your last scan result
+  # As an App Profile - given the current name of your scanned repo
+  # Use 'none' if you would not like any scans saved to the platform
+  analysis_branch: ENTER_BRANCH_NAME_HERE
+  #If the break_build_policy_findings is set to true, the build will break if the pipeline scan finds any policy violations.
+  break_build_policy_findings: true
+  #If the break_build_on_error is set to true, the build will break if the scan failed to complete in time or with an error.
+  break_build_on_error: false
+  #If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the pipeline scan fails to complete in time or with an error.
+  error_message: "Veracode SAST scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
+  policy: 'Veracode Recommended Medium + SCA'
+  compile_locally: false
+  local_compilation_workflow: na
+  profile: klynch-profile-change
+
+veracode_sca_scan:
+  # Please only specify trigger:true for either push event or
+  # pull request event. Specifying both will only execute push event.
+  # Leaving them both false means this will never run
+  push:
+    trigger: true
+    branches_to_run:
+      - '*'
+    branches_to_exclude:
+  pull_request:
+    trigger: true
+    action:
+      - opened
+      - synchronize
+    target_branch:
+      - default_branch
+  #If the break_build_policy_findings is set to true, the build will break if the SCA scan finds any policy violations.
+  break_build_policy_findings: true
+  #If the break_build_on_error is set to true, the build will break if the scan failed to complete, no libraries found, no build system found or on any other error.
+  break_build_on_error: true
+  #If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the SCA scan fails to complete, no libraries found, no build system found or on any other error.
+  error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
+
+veracode_iac_secrets_scan:
+  # Please only specify trigger:true for either push event or
+  # pull request event. Specifying both will only execute push event.
+  # Leaving them both false means this will never run
+  push:
+    trigger: true
+    branches_to_run:
+      - '*'
+    branches_to_exclude:
+  pull_request:
+    trigger: true
+    action:
+      - opened
+      - synchronize
+    target_branch:
+      - default_branch
+  #If the break_build_policy_findings is set to true, the build will break if the IaC/Secrets scan finds any policy violations.
+  break_build_policy_findings: true
+  #If the break_build_on_error is set to true, the build will break if the scan failed to complete, no libraries found or on any other error.
+  break_build_on_error: true
+  #If the break_build_on_policy_error is set to true, this is the error message that will be displayed if the IaC/Secrets scan fails to complete, no libraries found or on any other error.
+  error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."
+
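Review bot: The `error_message` under `veracode_iac_secrets_scan` still reads `"Veracode SCA scan faced a problem. …"`, copied from the SCA section, so a failed IaC/Secrets scan would be reported to the team as an SCA failure; change it to `error_message: "Veracode IaC/Secrets scan faced a problem. Please contact your Veracode administrator for more information. If you are a Veracode administrator, please contact Veracode support."`. `analysis_branch: ENTER_BRANCH_NAME_HERE` is a template placeholder that the comment above it says should be a real branch name or `'none'`; left as-is it presumably means no usable result is saved to the platform. In the static-scan section `break_build_on_error: false` lets a SAST scan that times out or errors pass the build silently, whereas the SCA and IaC sections set it to `true`; if failing open is not intended, set it to `true` there as well. The three `#If the break_build_on_policy_error …` comments name a key that does not exist in the file and sit directly above `error_message`, so they should read `# error_message is displayed if the … scan fails to complete …` (with a space after `#`, per yamllint) instead.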