This repository has been archived by the owner on Mar 20, 2024. It is now read-only.
JonZeolla edited this page Jan 15, 2020 · 2 revisions

What is SAST?

Source code analysis tools, also referred to as Static Application Security Testing (SAST) tools, are designed to analyze source code and/or compiled versions of code to help find security flaws.

Veracode Integration

Veracode provides a variety of APIs that allow you to programmatically interface with their offerings. Of those, this project currently integrates with two of the XML APIs to initiate scans of an application's build artifacts and to check the compliance of an application with the configured application security policy within Veracode.

If you'd like to submit an application build for scanning without affecting your application compliance (such as when a PR is opened), I suggest creating and specifying a sandbox at runtime. See Usage for more information.
