This repository has been archived by the owner on Mar 20, 2024. It is now read-only.

Configuring easy_sast

Phil Blackburn edited this page Mar 25, 2021 · 11 revisions

There are four methods for configuring easy_sast. They are applied in the order below, and each later method overrides any overlapping settings from the earlier ones.

  1. Default configurations stored in the API classes and in a default configuration dictionary.
  2. A configuration file which defaults to easy_sast.yml. An example is provided as easy_sast_example.yml in the base of this project.
  3. Environment variables for passing API key IDs and secrets without storing them on disk.
  4. Command-line arguments which can be passed into the docker container and are detailed in usage.

Default configurations

Option                               Default value
-----------------------------------  ---------------------------------------------
api_key_id                           None
api_key_secret                       None
app_name                             None
base_url                             "https://analysiscenter.veracode.com/api/"
build_dir                            /build/
build_id                             datetime.utcnow().strftime('%F_%H-%M-%S')
config_file                          ./easy_sast.yml
auto_scan                            True
sandbox_name                         None
scan_all_nonfatal_top_level_modules  True
ignore_compliance_status             False
loglevel                             "WARNING"
version                              Per-API, see the example config file
workflow                             ["submit_artifacts", "check_compliance"]

Configuration File

To use a config file, volume mount it to /usr/src/app/easy_sast.yml when you docker run the image, or COPY it into the container image during your build.

Here is an example of a valid config file:

---
apis:
  results:
    base_url: "https://analysiscenter.veracode.com/api/"
    version: {
              "detailedreport.do": "5.0",
              "detailedreportpdf.do": "4.0",
              "getaccountcustomfieldlist.do": "5.0",
              "getappbuilds.do": "4.0",
              "getcallstacks.do": "5.0",
              "summaryreport.do": "4.0",
              "summaryreportpdf.do": "4.0",
              "thirdpartyreportpdf.do": "4.0"
             }
    app_name: "TestApp"
    ignore_compliance_status: False
  upload:
    base_url: "https://analysiscenter.veracode.com/api/"
    version: {
              "beginprescan.do": "5.0",
              "beginscan.do": "5.0",
              "createapp.do": "5.0",
              "createbuild.do": "5.0",
              "deleteapp.do": "5.0",
              "deletebuild.do": "5.0",
              "getappinfo.do": "5.0",
              "getapplist.do": "5.0",
              "getbuildinfo.do": "5.0",
              "getbuildlist.do": "5.0",
              "getfilelist.do": "5.0",
              "getpolicylist.do": "5.0",
              "getprescanresults.do": "5.0",
              "getvendorlist.do": "5.0",
              "removefile.do": "5.0",
              "updateapp.do": "5.0",
              "updatebuild.do": "5.0",
              "uploadfile.do": "5.0",
              "uploadlargefile.do": "5.0"
             }
    app_name: "TestApp"
    build_dir: "/build/"
    build_id: "2037-03-13_03-14-15"
    scan_all_nonfatal_top_level_modules: True
    auto_scan: True
  sandbox:
    base_url: "https://analysiscenter.veracode.com/api/"
    version: {
              "createsandbox.do": "5.0",
              "getsandboxlist.do": "5.0",
              "promotesandbox.do": "5.0",
              "updatesandbox.do": "5.0",
              "deletesandbox.do": "5.0"
             }
    app_name: "TestApp"
    sandbox_name: "fb/jonzeolla/name-of-branch"
loglevel: "warning"
workflow:
  - "submit_artifacts"
  - "check_compliance"

Environment Variables

  • VERACODE_API_KEY_ID
  • VERACODE_API_KEY_SECRET

Command-Line Arguments

See usage.
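
The four-layer precedence described on this page, worked through as an added example (this is not easy_sast's own code). It resolves the settings for one API section of a config file with the layout shown above, takes credentials only from the two documented environment variables, treats an absent command-line flag as "not given" so it cannot clobber a lower layer, and rejects a config file that carries credentials, since the page reserves those for the environment. The config-file and environment contents are constructed sample input, and `resolve` / `from_environment` are names chosen here.

```python
from datetime import datetime, timezone

# Layer 1: defaults, mirroring the table on this page (secrets are absent by design).
# The page's default uses datetime.utcnow(); the timezone-aware form below is equivalent.
DEFAULTS = {
    "api_key_id": None, "api_key_secret": None, "app_name": None,
    "base_url": "https://analysiscenter.veracode.com/api/",
    "build_dir": "/build/",
    "build_id": datetime.now(timezone.utc).strftime("%Y-%m-%d_%H-%M-%S"),
    "auto_scan": True, "sandbox_name": None,
    "scan_all_nonfatal_top_level_modules": True, "ignore_compliance_status": False,
    "loglevel": "WARNING", "workflow": ["submit_artifacts", "check_compliance"],
}
SECRET_KEYS = {"api_key_id", "api_key_secret"}
ENV_MAPPING = {"VERACODE_API_KEY_ID": "api_key_id",
               "VERACODE_API_KEY_SECRET": "api_key_secret"}


def from_environment(environ):
    """Layer 3: only the two documented variables are honoured; nothing else leaks in."""
    return {key: environ[var] for var, key in ENV_MAPPING.items() if var in environ}


def resolve(api, config_file, environ, cli_args):
    """Return the effective settings for one API section (results, upload or sandbox)."""
    # Layer 2: top-level keys (loglevel, workflow) apply to every API; the
    # per-API subsection under 'apis' is layered on top of them.
    file_layer = {k: v for k, v in config_file.items() if k != "apis"}
    file_layer.update(config_file.get("apis", {}).get(api, {}))
    # Check: credentials belong in the environment (or CLI), never in a file on disk.
    leaked = SECRET_KEYS & file_layer.keys()
    if leaked:
        raise ValueError(f"credentials found in config file: {sorted(leaked)}")
    effective = dict(DEFAULTS)
    # Layers 2..4 in precedence order; a None value means "not set at this layer".
    for layer in (file_layer, from_environment(environ), cli_args):
        effective.update({k: v for k, v in layer.items() if v is not None})
    return effective


# Constructed sample input mirroring the example config file on this page.
SAMPLE_CONFIG = {
    "apis": {"upload": {"app_name": "TestApp", "build_id": "2037-03-13_03-14-15"}},
    "loglevel": "warning",
}
SAMPLE_ENV = {"VERACODE_API_KEY_ID": "placeholder-id",
              "VERACODE_API_KEY_SECRET": "placeholder-secret"}
SAMPLE_CLI = {"loglevel": "DEBUG", "build_id": None}  # build_id flag not given

if __name__ == "__main__":
    print(resolve("upload", SAMPLE_CONFIG, SAMPLE_ENV, SAMPLE_CLI))
```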