From 8dfe77b7f6a442be843e2ae2b2964b97a08d752b Mon Sep 17 00:00:00 2001 From: Anthony Fielding Date: Tue, 12 Mar 2024 14:46:35 +0000 Subject: [PATCH 1/2] Add Veracode SAST Bulk Mitigator tool --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 48fef33..d16bf10 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,9 @@ These projects are community contributed and not supported by Veracode. For a li - [Veracode Mitigation Copier](https://github.com/tjarrettveracode/veracode-mitigation-copier) ([Tjarrettveracode](https://github.com/tjarrettveracode/)) - Copies mitigations from one Veracode profile to another if it's the same flaw based on the following flaw attributes: issueid, cweid, type, sourcefile, and line. The script will copy all proposed and accepted mitigations for the flaw. The script will skip a flaw in the copy_to build if it already has an accepted mitigation. +- [Veracode SAST Bulk Mitigator](https://github.com/antfie/veracode_bulk_mitigator) ([antfie](https://github.com/antfie/)) - This tool performs bulk mitigation actions on open SAST flaws reported in multiple application profiles. The definitions of what to mitigate (e.g. file name, line number) and the mitigation comments and actions to apply are defined via a JSON file. Application profile names to target are specified via a text file or alternatively a flag can be set to process all application profiles. + + - [Veracode PDF Reports](https://github.com/jphillips-vc/veracode-pdf-reports) ([Jphillips-vc](https://github.com/jphillips-vc)) - Pulls latest PDF reports from Veracode for recent Static and Dynamic scans. - [Veracode Policy Examples](https://github.com/tjarrettveracode/veracode-policy-examples) ([Tjarrettveracode](https://github.com/tjarrettveracode)) - A collection of example application security "policies as code" that can be added to your Veracode organization account. From 5a27aa91e4c4c1f70df6f2b3fb47ea6b53bcc36f Mon Sep 17 00:00:00 2001 
From: Anthony Fielding Date: Tue, 12 Mar 2024 14:47:35 +0000 Subject: [PATCH 2/2] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index d16bf10..dbd66d8 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,6 @@ These projects are community contributed and not supported by Veracode. For a li - [Veracode SAST Bulk Mitigator](https://github.com/antfie/veracode_bulk_mitigator) ([antfie](https://github.com/antfie/)) - This tool performs bulk mitigation actions on open SAST flaws reported in multiple application profiles. The definitions of what to mitigate (e.g. file name, line number) and the mitigation comments and actions to apply are defined via a JSON file. Application profile names to target are specified via a text file or alternatively a flag can be set to process all application profiles. - - [Veracode PDF Reports](https://github.com/jphillips-vc/veracode-pdf-reports) ([Jphillips-vc](https://github.com/jphillips-vc)) - Pulls latest PDF reports from Veracode for recent Static and Dynamic scans. - [Veracode Policy Examples](https://github.com/tjarrettveracode/veracode-policy-examples) ([Tjarrettveracode](https://github.com/tjarrettveracode)) - A collection of example application security "policies as code" that can be added to your Veracode organization account.
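Review bot: In the README.md hunk of [PATCH 1/2], the new Veracode SAST Bulk Mitigator entry says "mitigation comments and actions to apply" without naming the actions, whereas the Veracode Mitigation Copier entry directly above it states that it copies "proposed and accepted mitigations". Because the same entry advertises a flag to process all application profiles, the description should say which mitigation actions the JSON file can apply, so a reader can judge the scope of a bulk run before pointing it at every profile. The hunk also adds two blank lines after the entry (3 insertions for a one-line list item); one blank line at most is needed there.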
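Review bot: The single deletion in the README.md hunk of [PATCH 2/2] only removes one of the blank lines that [PATCH 1/2] added after the Bulk Mitigator entry, and the subject "Update README.md" does not say so. Squash this into 1/2 so the series adds the entry with its final spacing in one commit. With 3 insertions in 1/2 and 1 deletion here, one added blank line still remains after the entry, so check that it matches the spacing between the neighbouring list items.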