Skip to content

SAI-1181: clean up to remove sca-vuln-listing-metadata.json and instead pad workflow-metadata #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
skimwpi wants to merge 3 commits into
base: SAI-fix-for-sca
Choose a base branch
from
Open

SAI-1181: clean up to remove sca-vuln-listing-metadata.json and instead pad workflow-metadata #93

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
034eabd
SAI-1181: clean up to remove sca-vuln-listing-metadata.json and inste…
Mar 3, 2026
e56e185
Fix spelling mistake of repositroy -> repository that is confined to …
Mar 3, 2026
0838fce
update reference branch of veracode-sca
Mar 3, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/binary-ready-veracode-sast-pipeline-scan.yml
View file
Open in desktop
Copy link

@djitz djitz Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I understand there are typos on this file and other files and you want to fix them, but they're not part of the SAI-1181 scope. I think it's better to keep this PR purpose focused on the relevant changes.

Copy link
Author

@skimwpi skimwpi Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked that it was constrainted to veracode-check-run.yml. I originally thought of leaving it as is and leaving it with a typo but once I realized that it was constrained to veracode-check-run.yml, I was relatively confident that the change should be okay. I will bring it up with Karthik tomorrow morning.

Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ jobs:
with:
check_run_name: ${{ github.workflow }}
head_sha: ${{ github.event.client_payload.sha }}
repositroy_owner: ${{ github.event.client_payload.repository.owner }}
repositroy_name: ${{ github.event.client_payload.repository.name }}
repository_owner: ${{ github.event.client_payload.repository.owner }}
repository_name: ${{ github.event.client_payload.repository.name }}
event_type: ${{ github.event.client_payload.event_type }}
github_token: ${{ github.event.client_payload.token }}
run_id: ${{ github.run_id }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/binary-ready-veracode-sast-policy-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ jobs:
with:
check_run_name: ${{ github.workflow }}
head_sha: ${{ github.event.client_payload.sha }}
repositroy_owner: ${{ github.event.client_payload.repository.owner }}
repositroy_name: ${{ github.event.client_payload.repository.name }}
repository_owner: ${{ github.event.client_payload.repository.owner }}
repository_name: ${{ github.event.client_payload.repository.name }}
event_type: ${{ github.event.client_payload.event_type }}
github_token: ${{ github.event.client_payload.token }}
run_id: ${{ github.run_id }}
Expand Down
22 changes: 15 additions & 7 deletions .github/workflows/veracode-check-run.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,18 @@ on:
description: 'ID of workflow run (provided via GitHub syntax `github.run_id`)'
required: true
type: string
repositroy_owner:
description: 'repositroy_owner of original commit (provided by GitHub app via `github.event.client_payload.repository.owner`)'
repository_owner:
description: 'repository_owner of original commit (provided by GitHub app via `github.event.client_payload.repository.owner`)'
required: true
type: string
repositroy_name:
description: 'repositroy_name of original commit (provided by GitHub app via `github.event.client_payload.repository.name`)'
repository_name:
description: 'repository_name of original commit (provided by GitHub app via `github.event.client_payload.repository.name`)'
required: true
type: string
pull_request_num:
description: 'The associated pull request number (provided by GitHub app via `github.event.client_payload.pr_number`)'
required: false
type: string
check_run_name:
description: 'Name of check (Use `github.workflow` to use the name of the workflow)'
required: true
Expand Down Expand Up @@ -56,8 +60,8 @@ jobs:
route: POST /repos/{owner}/{repo}/check-runs
env:
GITHUB_TOKEN: ${{ inputs.github_token }}
INPUT_OWNER: ${{ inputs.repositroy_owner }}
INPUT_REPO: ${{ inputs.repositroy_name }}
INPUT_OWNER: ${{ inputs.repository_owner }}
INPUT_REPO: ${{ inputs.repository_name }}
INPUT_NAME: ${{ inputs.check_run_name }}
INPUT_HEAD_SHA: ${{ inputs.head_sha }}
INPUT_DETAILS_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ inputs.run_id }}"
Expand All @@ -67,7 +71,11 @@ jobs:
run: |
echo '{
"check_run_type": "${{ inputs.event_type }}",
"repository_name": "${{ inputs.repositroy_name }}",
"repository_name": "${{ inputs.repository_name }}",
"repository_owner": "${{ inputs.repository_owner }}",
"pull_request": {
"num": "${{ inputs.pull_request_num }}"
},
"check_run_id": ${{ fromJson(steps.create_check_run.outputs.data).id }},
"branch": "${{ inputs.branch }}",
"sha": "${{ inputs.head_sha }}"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/veracode-code-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,8 +44,8 @@ jobs:
with:
check_run_name: ${{ github.workflow }} - ${{ contains(github.event.action, 'policy') && 'Policy' || 'Pipeline' }}
head_sha: ${{ github.event.client_payload.sha }}
repositroy_owner: ${{ github.event.client_payload.repository.owner }}
repositroy_name: ${{ github.event.client_payload.repository.name }}
repository_owner: ${{ github.event.client_payload.repository.owner }}
repository_name: ${{ github.event.client_payload.repository.name }}
event_type: ${{ github.event.client_payload.event_type }}
github_token: ${{ github.event.client_payload.token }}
run_id: ${{ github.run_id }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/veracode-iac-secrets-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ jobs:
with:
check_run_name: ${{ github.workflow }}
head_sha: ${{ github.event.client_payload.sha }}
repositroy_owner: ${{ github.event.client_payload.repository.owner }}
repositroy_name: ${{ github.event.client_payload.repository.name }}
repository_owner: ${{ github.event.client_payload.repository.owner }}
repository_name: ${{ github.event.client_payload.repository.name }}
event_type: ${{ github.event.client_payload.event_type }}
github_token: ${{ github.event.client_payload.token }}
run_id: ${{ github.run_id }}
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/veracode-not-supported.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ jobs:
with:
check_run_name: ${{ github.workflow }}
head_sha: ${{ github.event.client_payload.sha }}
repositroy_owner: ${{ github.event.client_payload.repository.owner }}
repositroy_name: ${{ github.event.client_payload.repository.name }}
repository_owner: ${{ github.event.client_payload.repository.owner }}
repository_name: ${{ github.event.client_payload.repository.name }}
event_type: ${{ github.event.client_payload.event_type }}
github_token: ${{ github.event.client_payload.token }}
run_id: ${{ github.run_id }}
Expand Down
11 changes: 4 additions & 7 deletions .github/workflows/veracode-sca-scan.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@ jobs:
with:
check_run_name: ${{ github.workflow }}
head_sha: ${{ github.event.client_payload.sha }}
repositroy_owner: ${{ github.event.client_payload.repository.owner }}
repositroy_name: ${{ github.event.client_payload.repository.name }}
repository_owner: ${{ github.event.client_payload.repository.owner }}
repository_name: ${{ github.event.client_payload.repository.name }}
pull_request_num: ${{ github.event.client_payload.pr_number }}
event_type: ${{ github.event.client_payload.event_type }}
github_token: ${{ github.event.client_payload.token }}
run_id: ${{ github.run_id }}
Expand Down Expand Up @@ -175,7 +176,7 @@ jobs:
JAVA_OPTS: -Xms2g -Xmx4g
VERACODE_API_KEY_ID: '${{ secrets.VERACODE_API_ID }}'
VERACODE_API_KEY_SECRET: '${{ secrets.VERACODE_API_KEY }}'
uses: "veracode/veracode-sca@SAI-1181-latest" # TODO: update this when tag is cut
uses: "veracode/veracode-sca@SAI-1181-cleanup" # TODO: update this when tag is cut
Copy link

@djitz djitz Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we wait for the changes on SCA action merged to the feature branch SAI-fix-for-sca and refer it here instead the dev branch?

Copy link
Author

@skimwpi skimwpi Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes and once the other components are merged, I can update this to SAI-fix-for-sca.

with:
github_token: ${{ secrets.GITHUB_TOKEN }}
create-issues: false
Expand All @@ -187,8 +188,4 @@ jobs:
sca_fix_enabled: ${{ github.event.client_payload.user_config.sca_fix_enabled }}
profile_name: ${{ github.event.client_payload.user_config.profile_name }}
pr_number: ${{ github.event.client_payload.pr_number }}
client_repository_branch: ${{ github.event.client_payload.repository.branch }}
client_repository_name: ${{ github.event.client_payload.repository.name }}
client_repository_owner: ${{ github.event.client_payload.repository.owner }}
client_repository_full_name: ${{ github.event.client_payload.repository.full_name }}