From 034eabdcd1bf3bdf9da540acbee6d937a6a59715 Mon Sep 17 00:00:00 2001
From: Seung Wook Kim
Date: Mon, 2 Mar 2026 19:19:24 -0500
Subject: [PATCH 1/4] SAI-1181: clean up to remove sca-vuln-listing-metadata.json and instead pad workflow-metadata
---
 .github/workflows/veracode-check-run.yml | 8 ++++++++
 .github/workflows/veracode-sca-scan.yml | 5 +----
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/veracode-check-run.yml b/.github/workflows/veracode-check-run.yml
index 49af4932..838da5d5 100644
--- a/.github/workflows/veracode-check-run.yml
+++ b/.github/workflows/veracode-check-run.yml
@@ -18,6 +18,10 @@ on:
 description: 'repositroy_name of original commit (provided by GitHub app via `github.event.client_payload.repository.name`)'
 required: true
 type: string
+ pull_request_num:
+ description: 'The associated pull request number (provided by GitHub app via `github.event.client_payload.pr_number`)'
+ required: false
+ type: string
 check_run_name:
 description: 'Name of check (Use `github.workflow` to use the name of the workflow)'
 required: true
@@ -68,6 +72,10 @@ jobs:
 echo '{
 "check_run_type": "${{ inputs.event_type }}",
 "repository_name": "${{ inputs.repositroy_name }}",
+ "repository_owner": "${{ inputs.repository_owner }}",
+ "pull_request": {
+ "num": "${{ inputs.pull_request_num }}"
+ },
 "check_run_id": ${{ fromJson(steps.create_check_run.outputs.data).id }},
 "branch": "${{ inputs.branch }}",
 "sha": "${{ inputs.head_sha }}"
diff --git a/.github/workflows/veracode-sca-scan.yml b/.github/workflows/veracode-sca-scan.yml
index 3e86f6ad..b294491b 100644
--- a/.github/workflows/veracode-sca-scan.yml
+++ b/.github/workflows/veracode-sca-scan.yml
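Review bot: The two values added to the `echo '{ … }'` JSON in the second hunk of veracode-check-run.yml, `${{ inputs.repository_owner }}` and `${{ inputs.pull_request_num }}`, are expanded into the script text before the shell runs, so a quote character in either one ends the single-quoted string and the rest is parsed as shell. Both are forwarded from `github.event.client_payload` by the calling workflows, so the step depends on the dispatching app never sending anything but a plain owner name and a number. Passing the values through `env:` and letting `jq` build the object keeps them as data; the existing `inputs.event_type`, `inputs.branch` and `inputs.head_sha` lines, and the `repository_name` line touched again in PATCH 2/4, have the same shape. The step starts and ends outside the hunk, so where the output is written is not visible, and the sketch below assumes `jq` is available on the runner.

```yaml
        # … unchanged: step name and the keys before `run:` …
        env:
          REPOSITORY_OWNER: ${{ inputs.repository_owner }}
          PULL_REQUEST_NUM: ${{ inputs.pull_request_num }}
          # … the other inputs.* values used in the JSON, mapped the same way …
        run: |
          # jq quotes every --arg value, so quotes or newlines in an input stay data
          jq -n \
            --arg repository_owner "$REPOSITORY_OWNER" \
            --arg pull_request_num "$PULL_REQUEST_NUM" \
            '{repository_owner: $repository_owner, pull_request: {num: $pull_request_num}}'
          # … unchanged: remaining fields and the destination of the output …
```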
@@ -24,6 +24,7 @@ jobs:
 head_sha: ${{ github.event.client_payload.sha }}
 repositroy_owner: ${{ github.event.client_payload.repository.owner }}
 repositroy_name: ${{ github.event.client_payload.repository.name }}
+ pull_request_num: ${{ github.event.client_payload.pr_number }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
 run_id: ${{ github.run_id }}
@@ -187,8 +188,4 @@ jobs:
 sca_fix_enabled: ${{ github.event.client_payload.user_config.sca_fix_enabled }}
 profile_name: ${{ github.event.client_payload.user_config.profile_name }}
 pr_number: ${{ github.event.client_payload.pr_number }}
- client_repository_branch: ${{ github.event.client_payload.repository.branch }}
- client_repository_name: ${{ github.event.client_payload.repository.name }}
- client_repository_owner: ${{ github.event.client_payload.repository.owner }}
- client_repository_full_name: ${{ github.event.client_payload.repository.full_name }}
From e56e1858bc7f2e410bcb93344017eabb31ad1a06 Mon Sep 17 00:00:00 2001
From: Seung Wook Kim
Date: Mon, 2 Mar 2026 19:35:14 -0500
Subject: [PATCH 2/4] Fix spelling mistake of repositroy -> repository that is confined to veracode-check-run job
---
 .../binary-ready-veracode-sast-pipeline-scan.yml | 4 ++--
 .../binary-ready-veracode-sast-policy-scan.yml | 4 ++--
 .github/workflows/veracode-check-run.yml | 14 +++++++-------
 .github/workflows/veracode-code-analysis.yml | 4 ++--
 .github/workflows/veracode-iac-secrets-scan.yml | 4 ++--
 .github/workflows/veracode-not-supported.yml | 4 ++--
 .github/workflows/veracode-sca-scan.yml | 4 ++--
 7 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml b/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
index 43b20841..daee3196 100644
--- a/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
+++ b/.github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
@@ -16,8 +16,8 @@ jobs:
 with:
 check_run_name: ${{ github.workflow }}
 head_sha: ${{ github.event.client_payload.sha }}
- repositroy_owner: ${{ github.event.client_payload.repository.owner }}
- repositroy_name: ${{ github.event.client_payload.repository.name }}
+ repository_owner: ${{ github.event.client_payload.repository.owner }}
+ repository_name: ${{ github.event.client_payload.repository.name }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
 run_id: ${{ github.run_id }}
diff --git a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
index 5ce9d05d..39df155c 100644
--- a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
+++ b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
@@ -22,8 +22,8 @@ jobs:
 with:
 check_run_name: ${{ github.workflow }}
 head_sha: ${{ github.event.client_payload.sha }}
- repositroy_owner: ${{ github.event.client_payload.repository.owner }}
- repositroy_name: ${{ github.event.client_payload.repository.name }}
+ repository_owner: ${{ github.event.client_payload.repository.owner }}
+ repository_name: ${{ github.event.client_payload.repository.name }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
 run_id: ${{ github.run_id }}
diff --git a/.github/workflows/veracode-check-run.yml b/.github/workflows/veracode-check-run.yml
index 838da5d5..0d5c09df 100644
--- a/.github/workflows/veracode-check-run.yml
+++ b/.github/workflows/veracode-check-run.yml
@@ -10,12 +10,12 @@ on:
 description: 'ID of workflow run (provided via GitHub syntax `github.run_id`)'
 required: true
 type: string
- repositroy_owner:
- description: 'repositroy_owner of original commit (provided by GitHub app via `github.event.client_payload.repository.owner`)'
+ repository_owner:
+ description: 'repository_owner of original commit (provided by GitHub app via `github.event.client_payload.repository.owner`)'
 required: true
 type: string
- repositroy_name:
- description: 'repositroy_name of original commit (provided by GitHub app via `github.event.client_payload.repository.name`)'
+ repository_name:
+ description: 'repository_name of original commit (provided by GitHub app via `github.event.client_payload.repository.name`)'
 required: true
 type: string
 pull_request_num:
@@ -60,8 +60,8 @@ jobs:
 route: POST /repos/{owner}/{repo}/check-runs
 env:
 GITHUB_TOKEN: ${{ inputs.github_token }}
- INPUT_OWNER: ${{ inputs.repositroy_owner }}
- INPUT_REPO: ${{ inputs.repositroy_name }}
+ INPUT_OWNER: ${{ inputs.repository_owner }}
+ INPUT_REPO: ${{ inputs.repository_name }}
 INPUT_NAME: ${{ inputs.check_run_name }}
 INPUT_HEAD_SHA: ${{ inputs.head_sha }}
 INPUT_DETAILS_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ inputs.run_id }}"
@@ -71,7 +71,7 @@ jobs:
 run: |
 echo '{
 "check_run_type": "${{ inputs.event_type }}",
- "repository_name": "${{ inputs.repositroy_name }}",
+ "repository_name": "${{ inputs.repository_name }}",
 "repository_owner": "${{ inputs.repository_owner }}",
 "pull_request": {
 "num": "${{ inputs.pull_request_num }}"
diff --git a/.github/workflows/veracode-code-analysis.yml b/.github/workflows/veracode-code-analysis.yml
index 3cf4c1ba..db92bd3d 100644
--- a/.github/workflows/veracode-code-analysis.yml
+++ b/.github/workflows/veracode-code-analysis.yml
@@ -44,8 +44,8 @@ jobs:
 with:
 check_run_name: ${{ github.workflow }} - ${{ contains(github.event.action, 'policy') && 'Policy' || 'Pipeline' }}
 head_sha: ${{ github.event.client_payload.sha }}
- repositroy_owner: ${{ github.event.client_payload.repository.owner }}
- repositroy_name: ${{ github.event.client_payload.repository.name }}
+ repository_owner: ${{ github.event.client_payload.repository.owner }}
+ repository_name: ${{ github.event.client_payload.repository.name }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
 run_id: ${{ github.run_id }}
diff --git a/.github/workflows/veracode-iac-secrets-scan.yml b/.github/workflows/veracode-iac-secrets-scan.yml
index 437ac1f8..719055d7 100644
--- a/.github/workflows/veracode-iac-secrets-scan.yml
+++ b/.github/workflows/veracode-iac-secrets-scan.yml
@@ -22,8 +22,8 @@ jobs:
 with:
 check_run_name: ${{ github.workflow }}
 head_sha: ${{ github.event.client_payload.sha }}
- repositroy_owner: ${{ github.event.client_payload.repository.owner }}
- repositroy_name: ${{ github.event.client_payload.repository.name }}
+ repository_owner: ${{ github.event.client_payload.repository.owner }}
+ repository_name: ${{ github.event.client_payload.repository.name }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
 run_id: ${{ github.run_id }}
diff --git a/.github/workflows/veracode-not-supported.yml b/.github/workflows/veracode-not-supported.yml
index 7a82f149..dfc51757 100644
--- a/.github/workflows/veracode-not-supported.yml
+++ b/.github/workflows/veracode-not-supported.yml
@@ -12,8 +12,8 @@ jobs:
 with:
 check_run_name: ${{ github.workflow }}
 head_sha: ${{ github.event.client_payload.sha }}
- repositroy_owner: ${{ github.event.client_payload.repository.owner }}
- repositroy_name: ${{ github.event.client_payload.repository.name }}
+ repository_owner: ${{ github.event.client_payload.repository.owner }}
+ repository_name: ${{ github.event.client_payload.repository.name }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
 run_id: ${{ github.run_id }}
diff --git a/.github/workflows/veracode-sca-scan.yml b/.github/workflows/veracode-sca-scan.yml
index b294491b..d7141271 100644
--- a/.github/workflows/veracode-sca-scan.yml
+++ b/.github/workflows/veracode-sca-scan.yml
@@ -22,8 +22,8 @@ jobs:
 with:
 check_run_name: ${{ github.workflow }}
 head_sha: ${{ github.event.client_payload.sha }}
- repositroy_owner: ${{ github.event.client_payload.repository.owner }}
- repositroy_name: ${{ github.event.client_payload.repository.name }}
+ repository_owner: ${{ github.event.client_payload.repository.owner }}
+ repository_name: ${{ github.event.client_payload.repository.name }}
 pull_request_num: ${{ github.event.client_payload.pr_number }}
 event_type: ${{ github.event.client_payload.event_type }}
 github_token: ${{ github.event.client_payload.token }}
From 0838fce4e39b23324bab82f7c0b47ca0d0c403f9 Mon Sep 17 00:00:00 2001
From: Seung Wook Kim
Date: Mon, 2 Mar 2026 19:50:40 -0500
Subject: [PATCH 3/4] update reference branch of veracode-sca
---
 .github/workflows/veracode-sca-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/veracode-sca-scan.yml b/.github/workflows/veracode-sca-scan.yml
index d7141271..da1796ee 100644
--- a/.github/workflows/veracode-sca-scan.yml
+++ b/.github/workflows/veracode-sca-scan.yml
@@ -176,7 +176,7 @@ jobs:
 JAVA_OPTS: -Xms2g -Xmx4g
 VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
 VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
- uses: "veracode/veracode-sca@SAI-1181-latest" # TODO: update this when tag is cut
+ uses: "veracode/veracode-sca@SAI-1181-cleanup" # TODO: update this when tag is cut
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 create-issues: false
From cb2265e37222bcc5f6b1a6993c233a5f9debfdb5 Mon Sep 17 00:00:00 2001
From: Seung Wook Kim
Date: Wed, 4 Mar 2026 16:35:55 -0500
Subject: [PATCH 4/4] SAI-1181: update reference branch of veracode-sca to SAI-fix-for-sca
---
 .github/workflows/veracode-sca-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/veracode-sca-scan.yml b/.github/workflows/veracode-sca-scan.yml
index da1796ee..68e3c6d9 100644
--- a/.github/workflows/veracode-sca-scan.yml
+++ b/.github/workflows/veracode-sca-scan.yml
@@ -176,7 +176,7 @@ jobs:
 JAVA_OPTS: -Xms2g -Xmx4g
 VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
 VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
- uses: "veracode/veracode-sca@SAI-1181-cleanup" # TODO: update this when tag is cut
+ uses: "veracode/veracode-sca@SAI-fix-for-sca" # TODO: update this when tag is cut
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 create-issues: false
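Review bot: `uses: "veracode/veracode-sca@SAI-1181-cleanup"` here, and `@SAI-fix-for-sca` in PATCH 4/4, resolve a branch name at run time, so whatever is pushed to that branch next runs in this step with `VERACODE_API_KEY_ID`, `VERACODE_API_KEY_SECRET` and `secrets.GITHUB_TOKEN` in scope. The TODO plans a move to a tag, but a tag can be re-pointed as well. Pinning to the full commit SHA and keeping the branch or tag name in the comment makes the executed code reviewable, e.g. `uses: "veracode/veracode-sca@<full-commit-sha>" # SAI-fix-for-sca`. The job this step belongs to starts outside the hunk.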