From e5b6a7596ef0bda799d75f05307111461279ea2b Mon Sep 17 00:00:00 2001
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 04:27:35 +0000
Subject: [PATCH] Update page templates
---
.../TopDesk_Daniel-Marchi.md | 11 +++++++++++
community-feed/community_integrations.json | 2 +-
community-feed/results-collection-and-display.json | 2 +-
3 files changed, 13 insertions(+), 2 deletions(-)
create mode 100644 _results_collection_and_display/TopDesk_Daniel-Marchi.md
diff --git a/_results_collection_and_display/TopDesk_Daniel-Marchi.md b/_results_collection_and_display/TopDesk_Daniel-Marchi.md
new file mode 100644
index 0000000..0d4e865
--- /dev/null
+++ b/_results_collection_and_display/TopDesk_Daniel-Marchi.md
@@ -0,0 +1,11 @@
+---
+layout: post
+repolink: "https://github.com/daniel-marchi/Veracode.Integration.TopDesk"
+title: "TopDesk"
+description: "Integration with ITSM | CSC | ESM tool called [TopDesk](https://www.topdesk.com/)."
+author: "Daniel-Marchi"
+author-link: "https://github.com/daniel-marchi"
+content-type: "results_collection_and_display"
+repo: "github"
+repo_title: "TopDesk"
+---
\ No newline at end of file
diff --git a/community-feed/community_integrations.json b/community-feed/community_integrations.json
index 138bfba..bac2c40 100644
--- a/community-feed/community_integrations.json
+++ b/community-feed/community_integrations.json
@@ -1 +1 @@ -{"community_integrations": [{"name": "Veracode_Delete_Sandbox", "link": "https://github.com/christyson/veracode_delete_sandbox", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "A simple example script to delete a Sandbox if it exists in a Veracode application profile and you have the appropriate permissions.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Bulk add teams to workspaces", "link": "https://github.com/cadonuno/add-team-to-workspace", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadibybi/"}, "description": "Allows for adding teams to workspaces in bulk.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Check Build Status", "link": "https://github.com/christyson/check_build_status", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "Script to check if an application profile in Veracode has a build running currently. 
It also provides an option to delete the build if there is one running.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Check Pass Fail", "link": "https://github.com/christyson/check_pass_fail", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson"}, "description": "A simple example script to check pass/fail status of a Veracode app profile (or sandbox) or for a list of app profiles with out sandboxes.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "VcodeAutoMitigate", "link": "https://github.com/brian1917/vcodeAutoMitigate", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Command line app that mitigates flaws in Veracode based on CWE, scan type, and specific text in the description.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "VcodeMitigationExpire", "link": "https://github.com/brian1917/vcodeMitigationExpire", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Utility designed to be run on a regular cadence (e.g., weekly cron job) to expire mitigations. 
The types of mitigations, expiration references, and other settings are controlled in a JSON config file.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Break the Build by Severity", "link": "https://github.com/christyson/Veracode-Break-The-Build-By-Severity", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "This project contains three python scripts useful for working with Veracode projects in a build pipeline to break the build if any findings of a given severity or higher are found.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Create List of Sandboxes", "link": "https://github.com/cadonuno/veracode-create-list-of-sandboxes", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "This plugin creates a list of sandboxes in all available application profiles.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Get All SBOMs", "link": "https://github.com/cadonuno/Veracode-Bulk-SBOM", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Allows for bulk generation of SBOM json files. 
It works for both US and EU instances and has support for Upload and Scan and Agent-based scan.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Get Single SBOM", "link": "https://github.com/cadonuno/Veracode-Get-Sbom", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Gets the SBOM for a single Application Profile or Workspace/Project pair.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Mitigation Copier", "link": "https://github.com/tjarrettveracode/veracode-mitigation-copier", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode/"}, "description": "Copies mitigations from one Veracode profile to another if it's the same flaw based on the following flaw attributes: issueid, cweid, type, sourcefile, and line. The script will copy all proposed and accepted mitigations for the flaw. 
The script will skip a flaw in the copy_to build if it already has an accepted mitigation.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode PDF Reports", "link": "https://github.com/jphillips-vc/veracode-pdf-reports", "author": {"name": "Jphillips-vc", "profile_link": "https://github.com/jphillips-vc"}, "description": "Pulls latest PDF reports from Veracode for recent Static and Dynamic scans.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Policy Examples", "link": "https://github.com/tjarrettveracode/veracode-policy-examples", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "A collection of example application security \"policies as code\" that can be added to your Veracode organization account.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Promote Named Sandbox", "link": "https://github.com/cadonuno/Veracode-Promote-Named-Sandbox", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "This will promote the latest scan of a named sandbox.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Sandbox Mitigated Unique Findings", "link": "https://github.com/ctcampbell/veracode-sandbox-mitigated-unique-findings", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "This script will pull all open findings across all sandboxes for all applications and calculate which mitigated (proposed, accepted, or rejected) findings only exist in a single sandbox, and therefore may be deleted when the sandbox is deleted.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Scan Counts", "link": 
"https://github.com/tjarrettveracode/veracode-scan-counts", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "Identify Veracode application profiles with one or more static scans in an incomplete state.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Workspace Auto Create", "link": "https://github.com/tjarrettveracode/veracode-workspace-auto-create", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode/"}, "description": "Uses the Veracode Agent Based Scan API and other Veracode REST APIs to automatically create a workspace for application profiles in a Veracode organization.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Delete Sandboxes via Threshold", "link": "https://github.com/julz0815/VeracodeDeleteSandboxes", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "Java Script that will automatically delete Sandboxes from a profile via a configured threshold and the number of Sandboxes to be deleted.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "JavaScript Auto Packager", "link": "https://github.com/dub-flow/veracode-javascript-packager", "author": {"name": "dub-flow", "profile_link": "https://github.com/dub-flow/"}, "description": "CLI tool to automatically package a `JavaScript` application for Veracode Static Analysis", "categories": {"category": "Developer tools", "subcategory": "Auto Packagers (for SAST)"}}, {"name": "Go Auto Packager", "link": "https://github.com/relaxnow/vcgopkg", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "CLI tool to automatically package a `Golang` application for Veracode Static Analysis", "categories": {"category": "Developer tools", "subcategory": 
"Auto Packagers (for SAST)"}}, {"name": ".NET Auto Packager", "link": "https://github.com/nhinv11/veracode-dotnet-packager", "author": {"name": "nhinv11", "profile_link": "https://github.com/nhinv11"}, "description": "CLI tool to automatically package a `.NET` application for Veracode Static Analysis", "categories": {"category": "Developer tools", "subcategory": "Auto Packagers (for SAST)"}}, {"name": "Bamboo", "link": "https://gitlab.com/buzzcode/Bamboo-Veracode", "author": {"name": "Buzzcode", "profile_link": "https://gitlab.com/buzzcode/"}, "description": "full featured Bamboo plugin including configuration UI, wait for scan to complete, and \"break the build\" functionality", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Bamboo-Jira", "link": "https://github.com/buildcom/VeracodeAtlassianPlugin", "author": {"name": "Buildcom", "profile_link": "https://github.com/buildcom/"}, "description": "provides a pair of simple plugins for upload and results handling from within Bamboo, and a lightweight script to create Jira issues (archived project)", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Bash-CircleCI", "link": "https://github.com/unregistered436/veracode-integrations/tree/master/shell-script", "author": {"name": "Unregistered436", "profile_link": "https://github.com/unregistered436"}, "description": "Veracode Upload and Scan Bash Script, originally written for CircleCI but can be used for any build system that can run a shell script in bash.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Bitrise-step-veracode-scan", "link": "https://github.com/psoladoye-geotab/bitrise-step-veracode-scan", "author": {"name": "Psoladoye-geotab", "profile_link": "https://github.com/psoladoye-geotab/"}, "description": "add Veracode scanning to Bitrise CI.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "CircleCI", "link": 
"https://github.com/ctcircleci/Verademo/blob/master/.circleci/config.yml", "author": {"name": "ctcircleci", "profile_link": "https://github.com/ctcircleci"}, "description": "Example configurations for building a project with Maven, then executing policy scan, agent-based SCA, and pipeline scan in a CircleCI pipeline.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "CircleCI", "link": "https://github.com/buzzcode/NodeGoat/blob/master/.circleci/config.yml", "author": {"name": "buzzcode", "profile_link": "https://github.com/buzzcode"}, "description": "Example configuration for zipping a project, then executing policy scan, agent-based SCA, and pipeline scan in a CircleCI pipeline.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Exemplos Veracode", "link": "https://github.com/M3Corp-Community/Veracode", "author": {"name": "Ivo Dias", "profile_link": "https://github.com/IGDEXE"}, "description": "In this repository you will find several examples for Veracode implementations created by the [M3Corp](https://github.com/M3Corp-Community) team. In the [Pipelines](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines) folder you can find how to implement in the most diverse CI/CD tools, such as [Azure](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/Az%20DevOps), [GitLab](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/GitLab), [GitHub Actions](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/GitHub%20Actions) and [Jenkins](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/Jenkins). Other implementation examples such as running in a [terminal](https://github.com/M3Corp-Community/Veracode/tree/main/SOs) and [translating the results](https://github.com/M3Corp-Community/Veracode/tree/main/FreeStyle) are also available. 
We normally publish in Portuguese, but the examples are completely understandable in other languages", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Jenkins (Jenkins Shell)", "link": "https://github.com/ian-c-leonard/veracode_jenkins_shell", "author": {"name": "Ian C Leonard", "profile_link": "https://github.com/ian-c-leonard"}, "description": "unofficial Veracode shell integration for Jenkins Freestyle projects.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-badges", "link": "https://github.com/Lerer/veracode-badge", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "produces badges for READMEs and other artifact repositories showing the status of Veracode policy scans.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Community SAST Azure DevOps Extension", "link": "https://github.com/MetLife/VeracodeCommunitySAST", "author": {"name": "MetLife", "profile_link": "https://github.com/MetLife/"}, "description": "Seamlessly integrate Veracode SAST scans with Azure DevOps build pipelines (using Pipeline Scan).", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-serverless-webhooks", "link": "https://github.com/Lerer/serverless-veracode-webhooks", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer"}, "description": "enables Veracode customers who want to use the Veracode Upload-and-Scan Static and SCA (not the Pipeline or the IDE scans) and get updates back in an asynchronous manner.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Verademo", "link": "https://github.com/christyson/verademo", "author": {"name": "christyson", "profile_link": "https://github.com/christyson"}, "description": "custom fork of Verademo, featuring sample pipeline configurations for Bitbucket, Jenkins and Azure Pipelines.", "categories": 
{"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "XebiaLabs Release Veracode Plugin", "link": "https://github.com/xebialabs-community/xlr-veracode-plugin", "author": {"name": "XebiaLabs-Community", "profile_link": "https://github.com/xebialabs-community"}, "description": "XL Release for Veracode test automation.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-yml-sample-pipelines", "link": "https://github.com/victor-secops/Veracode-yml-sample-pipelines", "author": {"name": "Victor-secops", "profile_link": "https://github.com/victor-secops/"}, "description": "example YML files for Azure DevOps, Jenkins, GitLab, CircleCI. Pipelines include Veracode SCA Agent scans, Veracode Static Analysis policy and pipeline scans.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-aws-documentation", "link": "https://github.com/ClintPollock/Veracode-AWS-Code-Suite-Getting-Started-Guide", "author": {"name": "Clintpollock", "profile_link": "https://github.com/Clintpollock"}, "description": "How to setup an AWS CodeSuite with Veracode Static Analysis, Software Composition Analysis, and Dynamic Analysis.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-examples", "link": "https://github.com/restonlogic/veracode-examples", "author": {"name": "Brandon Samuel", "profile_link": "https://github.com/Engrave-zz"}, "description": "This repository contains veracode examples in the form of use cases that can be run in end-user environments. Kubernetes. AWS CodePipeline. CircleCi to GCP Functions. 
Multi-tiered application leveraging various languages.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Azure YML Samples", "link": "https://github.com/Clintpollock/VeracodeAzureYMLSamples/", "author": {"name": "Clintpollock", "profile_link": "https://github.com/Clintpollock"}, "description": "Samples of Azure YML files that work with Veracode scanning", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Community SCA Azure DevOps Extension", "link": "https://github.com/MetLife/VeracodeCommunitySCA", "author": {"name": "MetLife", "profile_link": "https://github.com/MetLife/VeracodeCommunitySCA"}, "description": "Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Dynamic Analysis Azure Sample", "link": "https://github.com/jphillips-vc/Veracode-Dynamic-Analysis-Azure-Example", "author": {"name": "Jphillips-vc", "profile_link": "https://github.com/jphillips-vc/"}, "description": "Veracode Dynamic Analysis Azure Sample including script based authentication, and ISM configuration.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Flaw Importer", "link": "https://github.com/julz0815/veracode_flaw_importer", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "GitHub Action to import static policy findings to GitHub Security Code Scanning Alerts.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Flaw Importer Postprocessing", "link": "https://github.com/cadonuno/ADOWorkItemsPostProcess", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Plugin made to run after the regular import to update the work items with an assigned user and a linked Work Item.", "categories": {"category": 
"Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode for Azure DevOps Pipelines", "link": "https://github.com/zoekdestep/veracode-ado-pipelines", "author": {"name": "zoekdestep", "profile_link": "https://github.com/zoekdestep/"}, "description": "Yaml files to get started with Veracode on Azure DevOps. Accompanies this [blog post](https://community.veracode.com/s/blog/user-story-how-we-set-up-veracode-in-a-large-azure-project-MCT4HNONEE55CIFA6O3ULXNUW2BI).", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Azure DevOps Pipeline-Scan plugin", "link": "https://github.com/julz0815/ADO-Veracode-Pipeline-Scan-Plugin", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "This plugin should make it easier to run the Veracode pipeline scan on Azure DevOps pipelines. The full scan jar is included within the plugin and don't need to be downloaded each time when the pipeline runs. In addition it will populate an additional tab on your pipeline run to display results in a more convinient way. 
The plugin will automatically update itself every night if a new version of the piepline scan jar is published.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "SCA Findings to Work Items", "link": "https://github.com/cadonuno/SCAFindingsToWorkItems", "author": {"name": "Cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Saves new Veracode SCA findings as Azure DevOps Work Items.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Azure DevOps promote scan", "link": "https://github.com/dmedeiros-veracode/devops-scripts-azure-devops/blob/main/jobs/veracode-sast-platform-release-candidate-promote-job.yml", "author": {"name": "dmedeiros-veracode", "profile_link": "https://github.com/dmedeiros-veracode"}, "description": "This repository contains Azure DevOps scripts that can be referenced and used for integration with Veracode Analysis tools.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Application Sandboxes Helper", "link": "https://github.com/marketplace/actions/veracode-application-sandboxes-helper", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "An Action to handle Sandboxes mainly as a set of clean-up activities such as: deleting a sandbox and promoting Sandbox scan to Policy Scan with or without deleting the sandbox", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Gradle", "link": "https://github.com/calgaryscientific/veracode-gradle-plugin", "author": {"name": "CalgaryScientific](https://github.com/calgaryscientific), based on [Kctang", "profile_link": "https://github.com/calgaryscientific), based on [Kctang](https://github.com/kctang/"}, "description": "Set of Gradle tasks, usable either as a command line submission tool or integrated as part of a continuous integration build process, to perform Veracode submission for applications and scan 
results for flaws.", "categories": {"category": "Developer tools", "subcategory": "Build tools"}}, {"name": "Sbt-veracode", "link": "https://github.com/sullis/sbt-veracode", "author": {"name": "Sullis", "profile_link": "https://github.com/sullis/"}, "description": "sbt plugin for Veracode.", "categories": {"category": "Developer tools", "subcategory": "Build tools"}}, {"name": "VSCode-Veracode", "link": "https://gitlab.com/buzzcode/VSCode-Veracode", "author": {"name": "Buzzcode", "profile_link": "https://gitlab.com/buzzcode/VSCode-Veracode"}, "description": "a plugin for Visual Studio Code that enables integration with Veracode Static Analysis. Currently, this only supports flaw download, but will be enhanced to support upload as well in the future.", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "vsccode-veracode-sca", "link": "https://github.com/Lerer/vscode-veracode-sca", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "A very simple plugin for Veracode SCA to get agent-base SCA results into VSCode IDE.", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "unofficial-vs-code-veracode-pipeline-scan", "link": "https://github.com/ctcampbell/unofficial-vs-code-veracode-pipeline-scan", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell/"}, "description": "Scan an app with Veracode Pipeline Scan, and load results from a Veracode Pipeline Scan. 
[Link to the plugin in VSCode marketplace](https://marketplace.visualstudio.com/items?itemName=ctcampbell-com.unofficial-vs-code-veracode)", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "Veracode Unified Plugin Unofficial Version", "link": "https://github.com/Lerer/VSCode-Veracode-Unified", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "VSCode plugin which integrate with the Veracode platform and enables downloading of scan results (findings) for both Static and SCA (Upload-and-Scan), run pipeline scan, and submit mitigations [Link to the plugin in VSCode marketplace](https://marketplace.visualstudio.com/items?itemName=YaakovLerer.veracode)", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "Jetbrains family plugin", "link": "https://github.com/geraldtancl/veracode.plugin", "author": {"name": "GeraldTanCL", "profile_link": "https://github.com/geraldtancl"}, "description": "Compliments Veracode's official IntelliJ IDE integration with support for other Jetbrains IDE products. 
It enables you to download the SAST result from Veracode Platform into your Jetbrains IDE.", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "Insomnia", "link": "https://github.com/veracode/insomnia-plugin-veracode-hmac", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "Adds an HMAC authentication header to Veracode API requests in Insomnia.", "categories": {"category": "Developer tools", "subcategory": "API testing tools"}}, {"name": "Veracode-Postman", "link": "https://github.com/veracode/veracode-postman", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "Pre-request authentication script and instructions for accessing Veracode APIs from Postman.", "categories": {"category": "Developer tools", "subcategory": "API testing tools"}}, {"name": "Ansible", "link": "https://github.com/telusdigital/ansible-veracode-scanner", "author": {"name": "Telus Digital", "profile_link": "https://github.com/telusdigital"}, "description": "allows uploading and scanning with Veracode from Ansible, with an option to send results to a Slack channel", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Flowdock", "link": "https://github.com/brian1917/vcodeFlowdockNotifier", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Utility designed to be run in a build process after a Veracode scan to notify a Flowdock flow that the scan completed. 
Optional to include policy compliance info in notification.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "PowerShell", "link": "https://github.com/unregistered436/veracode-integrations/tree/master/powershell", "author": {"name": "Unregistered436", "profile_link": "https://github.com/unregistered436"}, "description": "PowerShell script for pushing binaries to Veracode using Java API.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Slack", "link": "https://github.com/ctcampbell/veracode-slack-slash-command", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "AWS Lambda commands that provide the ability to access Veracode application and build information from Slack.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "SonarQube", "link": "https://gitlab.com/buzzcode/SonarQube-Veracode", "author": {"name": "Buzzcode", "profile_link": "https://gitlab.com/buzzcode"}, "description": "Unofficial Veracode plugin for SonarQube.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Veracode QuickScan", "link": "https://github.com/relaxnow/veracode-quick-scan", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "PHP example of how to connect to the APIs, scan a couple of files and get results.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "veracode-tools", "link": "https://github.com/ctcampbell/veracode-tools", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Docker image with all Veracode tools pre-installed.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Veracode Upload and Scan Shell Script", "link": "https://github.com/christyson/Veracode-Upload-and-Scan-Shell-Script", "author": {"name": "Christyson", "profile_link": 
"https://github.com/christyson/"}, "description": "A shell script to upload and scan a application (zip or war etc.) and create the application if necessary. Uses Curl and hmac headers.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Pipeline2DetailedReport", "link": "https://github.com/jphillips-vc/pipeline2detailedreport", "author": {"name": "JPhillips-vc", "profile_link": "https://github.com/jphillips-vc/"}, "description": "translate Veracode Pipeline Scan results into DetailedReport XML format, allowing you to import them into an IDE plugin for remediation.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "pipeline2html", "link": "https://github.com/victor-secops/pipeline2html", "author": {"name": "Victor-secops", "profile_link": "https://github.com/victor-secops/"}, "description": "run a Veracode Pipeline Scan and generate a human-readable .HTML file from the Veracode pipeline verification results.json file.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "veracode-pipeline-PR-comment", "link": "https://github.com/Lerer/veracode-pipeline-PR-comment", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/veracode-pipeline-PR-comment"}, "description": "Sends output of Pipeline Scan to a comment on a pull request.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "veracode-pipeline-with-baseline", "link": "https://github.com/runkalicious/veracode-pipeline-with-baseline", "author": {"name": "Runkalicious", "profile_link": "https://github.com/runkalicious/"}, "description": "GitHub Action to perform a Veracode Pipeline Scan and, optionally, compare the results against a set of baseline results.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "veracode-da-reset-scheduler", "link": "https://github.com/dennismedeiros/veracode-da-reset-recheduler", "author": {"name": 
"dennismedeiros", "profile_link": "https://github.com/dennismedeiros"}, "description": "Resets all recurrent scheduled analysis jobs configured for one year that have expired.", "categories": {"category": "Dynamic Analysis projects", "subcategory": null}}, {"name": "Veracode Dynamic Analysis Examples", "link": "https://github.com/anon-veracoder/veracode-dynamic-analysis-api-examples", "author": {"name": "anon-veracoder", "profile_link": "https://github.com/anon-veracoder"}, "description": "Dynamic Analysis API Examples. Currently includes example code for using the Scanner Variables feature, where credentials can be defined and updated at the account level, and referenced in Selenium login scripts.", "categories": {"category": "Dynamic Analysis projects", "subcategory": null}}, {"name": "Excel (XLS)", "link": "https://github.com/Komiblanka/Veracode2xls", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "(XLSX)", "link": "https://github.com/Komiblanka/Veracode2xlsx", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate License Notice file", "link": "https://github.com/gmdavef/sca-scripts", "author": {"name": "Dave Ferguson", "profile_link": "https://github.com/gmdavef"}, "description": "Python script that creates a License Notice file (sometimes called an Attribution Report) for an application that has been scanned by Veracode SCA.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate SBOM", "link": 
"https://github.com/christyson/GenerateSBOM", "author": {"name": "Chris Tyson", "profile_link": "https://github.com/christyson"}, "description": "Python script to generate a Software Bill of Materials (SBOM) for an application in either CycloneDX or SPDX format.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Hygieia", "link": "https://github.com/mickfeech/hygieia_veracode_collector", "author": {"name": "Mickfeech", "profile_link": "https://github.com/mickfeech/"}, "description": "Veracode scan collector and parser for the [Hygieia dashboard](https://github.com/Hygieia/ExecDashboard).", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "JupiterOne Graph Veracode", "link": "https://github.com/JupiterOne/graph-veracode", "author": {"name": "JupiterOne", "profile_link": "https://github.com/JupiterOne/"}, "description": "A graph conversion tool for Veracode.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "SCA Extractor", "link": "https://github.com/brian1917/vcodeSCAExtractor", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917"}, "description": "Creates a CSV file with open source vulnerability (SCA) findings for all builds in the input file.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Scan results to HTML", "link": "https://github.com/cadonuno/VeracodeContainerScanToHtml", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno"}, "description": "Converts the JSON output of a Veracode container scan into HTML.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Compare", "link": "https://github.com/antfie/scan_compare", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Use this tool to compare two Veracode Static 
Analysis (SAST) scans to understand why they are different.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Health", "link": "https://github.com/antfie/scan_health", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Produces a SAST scan health report with guidance on changes to make in order to improve the packaging and module selection to achieve greater flaw accuracy.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Stats", "link": "https://github.com/ctcampbell/veracode-stats", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Summary statistics for a Veracode account on the command line.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraData", "link": "https://github.com/sebcoles/VeraData", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "Console application that will retrieve data (all scans, flaws, mitigations etc) for a given AppId and store the results in a relational schema (only supports MSSQL Server currently) ready for plugging your favourite BI tool into!", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraCustomTriage", "link": "https://github.com/sebcoles/VeraCustomTriage", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "App that generates a .xlsx remediation plan from a set of scan results augmented with text from JSON configuration files. Custom text is added when flaw criteria is met (such as a CWE ID, module name, file or line number). This allows custom text such as internal workflows, wiki links, training, code snippets, 2nd party information or other languages into the auto generated remediation plan. 
Enables app sec teams to triage large volumes of flaws quickly whilst sharing a core advice repository in code.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Windows", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Framework utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter Portable (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Portable", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Core utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab SCA results report and issue generation", "link": "https://gitlab.com/julz0815/scaresultsreport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "Rewrites Veracode's Agent Based SCA json results in Gitlab readable report format in (orde)r to display results as dependency scanning on the pipeline run", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab static results report and issue generation", "link": "https://gitlab.com/julz0815/veracodesastresultsimport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "A little Java Script will download json results from a Veracode policy or sandbox scan into Gitlab readable report format in order display results as SAST results on the pipeline run and create Gitlab issues on the findings", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": 
"veracode-to-csv", "link": "https://github.com/ctcampbell/veracode-to-csv", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "This script outputs one CSV file per scan per application profile visible in a Veracode platform account. The output can be imported into Splunk for further analysis.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VCCLI", "link": "https://github.com/michaelhorty/VCCLI", "author": {"name": "Michaelhorty", "profile_link": "https://github.com/michaelhorty"}, "description": "Veracode AST and Security Labs utility in .NET Core.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Security Display (Unofficial)", "link": "https://relaxnow.github.io/vcsd/", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "Display, sort and filter Container Security JSON results.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Azure AD SAML SSO Autocreating teams", "link": "https://dev.azure.com/jtotzek/_git/AD-Veracode-Teams", "author": {"name": "Jtotzek", "profile_link": "https://dev.azure.com/jtotzek/"}, "description": "Code and documentation on configuring Azure Active Directory to automatically create teams as part of the just-in-time provisioning workflow via SAML.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode API Credentials Expiry", "link": "https://github.com/christyson/veracode-python-api_credentials_expiry-example", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson"}, "description": "A simple example to get the exiration dates of api credentials for your users.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode Get User List", 
"link": "https://github.com/christyson/veracode_get_user_list", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "Get a list of users with their attributes.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode Offboard", "link": "https://github.com/tjarrettveracode/veracode-offboard", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "Deactivates a provided list of users on the Veracode Platform.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode User Bulk Role Assign", "link": "https://github.com/tjarrettveracode/veracode-user-bulk-role-assign", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode/"}, "description": "Uses the Veracode Identity API to add roles (Security Labs User, Greenlight IDE User, or eLearning) to existing users.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode UM Powershell Tool", "link": "https://github.com/IGDEXE/Veracode-UM-Tool", "author": {"name": "IGD753", "profile_link": "https://github.com/IGDEXE"}, "description": "A completed User management tool write in Powershell using the Veracode APIs. You can use to create, block, delete and update users, in Windows, Linux or Mac terminal. This a simplified and translated version from the original in [Portuguese](https://github.com/IGDEXE/Veracode-UM).", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode UM Powershell Tool in Portuguese", "link": "https://github.com/IGDEXE/Veracode-UM", "author": {"name": "IGD753", "profile_link": "https://github.com/IGDEXE"}, "description": "A completed User management tool write in Powershell using the Veracode APIs. 
This version is completed in Portuguese, and you can use to create, block, delete and update users, in Windows, Linux or Mac terminal.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode Archer", "link": "https://github.com/veracode/veracode-archer", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "Script to export a Veracode Archer report file to disk. Usage: set on a timer and run daily or weekly, then import the results into RSA Archer.", "categories": {"category": "Application vulnerability correlation", "subcategory": null}}, {"name": "auth.js", "link": "https://gist.github.com/ThibaudLopez/fe1baeaa4461cbf0bfa8fd258ff43243", "author": {"name": "undefined", "profile_link": "undefined"}, "description": "Veracode custom HMAC request signing algorithm (used for API authorization), written in JavaScript -- uses Web Crypto API instead of the Node Crypto library", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "PythonHMAC", "link": "https://github.com/veracode/veracode-python-hmac-example", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "simple example of usage of the Veracode API signing library provided in the Veracode Help Center", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "NodeJS", "link": "https://gist.github.com/mrpinghe/f44479f2270ea36bf3b7cc958cc76cc0", "author": {"name": "undefined", "profile_link": "undefined"}, "description": "NodeJS lib, written in JavaScript, to generate authorization header with Veracode API Key and ID. 
Sample usage in the comment of the gist", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "vcodeHMAC", "link": "https://github.com/brian1917/vcodeHMAC", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Go package that creates an authorization header using Veracode API Key and ID.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "vcodeHMAC-CLI", "link": "https://github.com/brian1917/vcodeHMAC-CLI", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "CLI tool to generate an authorization header for Veracode APIs using API ID and Key. Given an HTTP method and URL, and the location of your Veracode API credentials file, you will get the value of an Authorization header printed out for piping into curl, httpie, or other scripting uses.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "veracode-go-hmac-authentication", "link": "https://github.com/antfie/veracode-go-hmac-authentication", "author": {"name": "antfie", "profile_link": "https://github.com/antfie/"}, "description": "A simple Go package that follows the format of the existing HMAC Authentication Examples found in the [Veracode Help Center](https://docs.veracode.com/r/c_hmac_signing_example_c_sharp).", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "Veracode_HMAC_Auth", "link": "https://github.com/rafaelzm2000/Veracode_HMAC_Auth", "author": {"name": "rafaelzm2000", "profile_link": "https://github.com/rafaelzm2000/"}, "description": "A PowerShell example for doing HMAC authentication to the Veracode APIs.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "Using curl and openssl to access the Veracode API endpoint", "link": "https://gist.github.com/m9aertner/7ae804a5297617456f81c8b5a3a9305b", "author": {"name": "m9aertner", 
"profile_link": "https://gist.github.com/m9aertner"}, "description": "short article illustrating use of built-in shell tools to handle HMAC signing and send API requests from the command line.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": ".NET Core Nuget Package Wrapper", "link": "https://github.com/sebcoles/VeracodeServicesCore", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "C# NuGet package that wraps XML APIs", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "Go wrapper", "link": "https://github.com/brian1917/vcodeapi", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917"}, "description": "Wrapper written in Go for easy use of Veracode APIs", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "node-veracode-api-client", "link": "https://github.com/m4l1c3/node-veracode-api-client", "author": {"name": "M4l1c3", "profile_link": "https://github.com/m4l1c3/"}, "description": "Node.js API client.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "veracode-api (Ruby)", "link": "https://github.com/mort666/veracode-api", "author": {"name": "Mort666", "profile_link": "https://github.com/mort666/"}, "description": "Ruby Wrapper for the Veracode API.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "veracode-api-clients", "link": "https://github.com/jourzero/veracode-api-clients", "author": {"name": "Jourzero", "profile_link": "https://github.com/jourzero/"}, "description": "Client code using the Veracode REST and XML APIs. 
Includes handlers for Veracode Dynamic Analysis scanning.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "veracode-api-py", "link": "https://github.com/tjarrettveracode/veracode-api-py", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "Python helper library for working with the Veracode APIs. Handles retries, pagination, and other features of the modern Veracode REST APIs.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "Bash shell", "link": "https://github.com/aparsons/Veracode", "author": {"name": "Aparsons", "profile_link": "https://github.com/aparsons/"}, "description": "Bash script for scanning a directory of code with the Veracode platform.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "F5 WAF", "link": "https://github.com/julz0815/veracode-dynamic-2-F5-waf-export", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "Transforms Veracode dynamic result files into the F5 generic scanner result format for import into the F5 web application firewall.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "verapi", "link": "https://github.com/fsclyde/verapi", "author": {"name": "Fsclyde", "profile_link": "https://github.com/fsclyde/"}, "description": "Lambda function for automating Veracode static scans", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "veracode-api (Node)", "link": "https://github.com/kinichahau87/veracode-api", "author": {"name": "Kinichahau87", "profile_link": "https://github.com/~kinichahau87"}, "description": "Node.js package for automating Veracode scanning from the command line.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "Veracode-cli", "link": "https://github.com/adidas/veracode-cli", "author": {"name": "Adidas", "profile_link": 
"https://github.com/adidas"}, "description": "Automated way to check application status and DevSecops compliance.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "Veracode Notifier", "link": "https://github.com/ctcampbell/veracode-notifier", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Lambda function that sends a message to a web hook, for instance for use with Slack", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "VeraHooks Mitigation Webhooks", "link": "https://github.com/sebcoles/VeraHooks", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "React .NET Core solution for creating custom webhooks that watch application profiles and trigger when mitigations meet specified conditions.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "Secure cryptography examples for Java", "link": "https://github.com/1MansiS/java_crypto", "author": {"name": "1MansiS", "profile_link": "https://github.com/1MansiS/"}, "description": "Code samples showing how to use the Java Crypto API securely. 
Accompanying code for the [Java Crypto blog series](https://www.veracode.com/blog/research/how-get-started-using-java-cryptography-securely).", "categories": {"category": "Secure coding examples", "subcategory": null}}, {"name": "VeraDemo", "link": "https://github.com/jtsmith2020/verademo-java", "author": {"name": "Jtsmith2020", "profile_link": "https://github.com/jtsmith2020/"}, "description": "Sample insecure application written in Java and Javascript, showing vulnerabilities in realistic Java code.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "VeraDemoAPI", "link": "https://github.com/veracode/verademo-javascript-api", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode"}, "description": "Sample insecure application written in Javascript, showing vulnerabilities in realistic Javascript code.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "VeraDemoJava", "link": "https://github.com/veracode/verademo-java-web", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode"}, "description": "Sample insecure application written in Java, showing vulnerabilities in realistic Java code.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "VeraDemoDocker", "link": "https://github.com/veracode/verademo-app-docker", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode"}, "description": "Bringing the 2 demo apps above VeraDemoJave and VeraDemoAPI together and start them within a docker environment. You will get a Java Web Application, a JavaScript node express API. 
a MySQL database and a vulnerable container.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "NodeGoat", "link": "https://github.com/buzzcode/NodeGoat", "author": {"name": "Buzzcode", "profile_link": "https://github.com/buzzcode/"}, "description": "NodeGoat, built w/CircleCI, showing how to use a yaml file to scan w/Veracode.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "Security Labs Scripts", "link": "https://github.com/gmdavef/security-labs-scripts", "author": {"name": "Dave Ferguson", "profile_link": "https://github.com/gmdavef"}, "description": "Python scripts to automate various administrative tasks in Veracode Security Labs.", "categories": {"category": "Automating Security Labs tasks", "subcategory": null}}]} \ No newline at end of file +{"community_integrations": [{"name": "Veracode_Delete_Sandbox", "link": "https://github.com/christyson/veracode_delete_sandbox", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "A simple example script to delete a Sandbox if it exists in a Veracode application profile and you have the appropriate permissions.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Bulk add teams to workspaces", "link": "https://github.com/cadonuno/add-team-to-workspace", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadibybi/"}, "description": "Allows for adding teams to workspaces in bulk.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Check Build Status", "link": "https://github.com/christyson/check_build_status", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "Script to check if an application profile in Veracode has a build running currently. 
It also provides an option to delete the build if there is one running.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Check Pass Fail", "link": "https://github.com/christyson/check_pass_fail", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson"}, "description": "A simple example script to check pass/fail status of a Veracode app profile (or sandbox) or for a list of app profiles with out sandboxes.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "VcodeAutoMitigate", "link": "https://github.com/brian1917/vcodeAutoMitigate", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Command line app that mitigates flaws in Veracode based on CWE, scan type, and specific text in the description.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "VcodeMitigationExpire", "link": "https://github.com/brian1917/vcodeMitigationExpire", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Utility designed to be run on a regular cadence (e.g., weekly cron job) to expire mitigations. 
The types of mitigations, expiration references, and other settings are controlled in a JSON config file.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Break the Build by Severity", "link": "https://github.com/christyson/Veracode-Break-The-Build-By-Severity", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "This project contains three python scripts useful for working with Veracode projects in a build pipeline to break the build if any findings of a given severity or higher are found.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Create List of Sandboxes", "link": "https://github.com/cadonuno/veracode-create-list-of-sandboxes", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "This plugin creates a list of sandboxes in all available application profiles.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Get All SBOMs", "link": "https://github.com/cadonuno/Veracode-Bulk-SBOM", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Allows for bulk generation of SBOM json files. 
It works for both US and EU instances and has support for Upload and Scan and Agent-based scan.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Get Single SBOM", "link": "https://github.com/cadonuno/Veracode-Get-Sbom", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Gets the SBOM for a single Application Profile or Workspace/Project pair.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Mitigation Copier", "link": "https://github.com/tjarrettveracode/veracode-mitigation-copier", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode/"}, "description": "Copies mitigations from one Veracode profile to another if it's the same flaw based on the following flaw attributes: issueid, cweid, type, sourcefile, and line. The script will copy all proposed and accepted mitigations for the flaw. 
The script will skip a flaw in the copy_to build if it already has an accepted mitigation.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode PDF Reports", "link": "https://github.com/jphillips-vc/veracode-pdf-reports", "author": {"name": "Jphillips-vc", "profile_link": "https://github.com/jphillips-vc"}, "description": "Pulls latest PDF reports from Veracode for recent Static and Dynamic scans.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Policy Examples", "link": "https://github.com/tjarrettveracode/veracode-policy-examples", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "A collection of example application security \"policies as code\" that can be added to your Veracode organization account.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Promote Named Sandbox", "link": "https://github.com/cadonuno/Veracode-Promote-Named-Sandbox", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "This will promote the latest scan of a named sandbox.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Sandbox Mitigated Unique Findings", "link": "https://github.com/ctcampbell/veracode-sandbox-mitigated-unique-findings", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "This script will pull all open findings across all sandboxes for all applications and calculate which mitigated (proposed, accepted, or rejected) findings only exist in a single sandbox, and therefore may be deleted when the sandbox is deleted.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Scan Counts", "link": 
"https://github.com/tjarrettveracode/veracode-scan-counts", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "Identify Veracode application profiles with one or more static scans in an incomplete state.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Workspace Auto Create", "link": "https://github.com/tjarrettveracode/veracode-workspace-auto-create", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode/"}, "description": "Uses the Veracode Agent Based Scan API and other Veracode REST APIs to automatically create a workspace for application profiles in a Veracode organization.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "Veracode Delete Sandboxes via Threshold", "link": "https://github.com/julz0815/VeracodeDeleteSandboxes", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "Java Script that will automatically delete Sandboxes from a profile via a configured threshold and the number of Sandboxes to be deleted.", "categories": {"category": "Automating common Veracode Platform tasks", "subcategory": null}}, {"name": "JavaScript Auto Packager", "link": "https://github.com/dub-flow/veracode-javascript-packager", "author": {"name": "dub-flow", "profile_link": "https://github.com/dub-flow/"}, "description": "CLI tool to automatically package a `JavaScript` application for Veracode Static Analysis", "categories": {"category": "Developer tools", "subcategory": "Auto Packagers (for SAST)"}}, {"name": "Go Auto Packager", "link": "https://github.com/relaxnow/vcgopkg", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "CLI tool to automatically package a `Golang` application for Veracode Static Analysis", "categories": {"category": "Developer tools", "subcategory": 
"Auto Packagers (for SAST)"}}, {"name": ".NET Auto Packager", "link": "https://github.com/nhinv11/veracode-dotnet-packager", "author": {"name": "nhinv11", "profile_link": "https://github.com/nhinv11"}, "description": "CLI tool to automatically package a `.NET` application for Veracode Static Analysis", "categories": {"category": "Developer tools", "subcategory": "Auto Packagers (for SAST)"}}, {"name": "Bamboo", "link": "https://gitlab.com/buzzcode/Bamboo-Veracode", "author": {"name": "Buzzcode", "profile_link": "https://gitlab.com/buzzcode/"}, "description": "full featured Bamboo plugin including configuration UI, wait for scan to complete, and \"break the build\" functionality", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Bamboo-Jira", "link": "https://github.com/buildcom/VeracodeAtlassianPlugin", "author": {"name": "Buildcom", "profile_link": "https://github.com/buildcom/"}, "description": "provides a pair of simple plugins for upload and results handling from within Bamboo, and a lightweight script to create Jira issues (archived project)", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Bash-CircleCI", "link": "https://github.com/unregistered436/veracode-integrations/tree/master/shell-script", "author": {"name": "Unregistered436", "profile_link": "https://github.com/unregistered436"}, "description": "Veracode Upload and Scan Bash Script, originally written for CircleCI but can be used for any build system that can run a shell script in bash.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Bitrise-step-veracode-scan", "link": "https://github.com/psoladoye-geotab/bitrise-step-veracode-scan", "author": {"name": "Psoladoye-geotab", "profile_link": "https://github.com/psoladoye-geotab/"}, "description": "add Veracode scanning to Bitrise CI.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "CircleCI", "link": 
"https://github.com/ctcircleci/Verademo/blob/master/.circleci/config.yml", "author": {"name": "ctcircleci", "profile_link": "https://github.com/ctcircleci"}, "description": "Example configurations for building a project with Maven, then executing policy scan, agent-based SCA, and pipeline scan in a CircleCI pipeline.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "CircleCI", "link": "https://github.com/buzzcode/NodeGoat/blob/master/.circleci/config.yml", "author": {"name": "buzzcode", "profile_link": "https://github.com/buzzcode"}, "description": "Example configuration for zipping a project, then executing policy scan, agent-based SCA, and pipeline scan in a CircleCI pipeline.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Exemplos Veracode", "link": "https://github.com/M3Corp-Community/Veracode", "author": {"name": "Ivo Dias", "profile_link": "https://github.com/IGDEXE"}, "description": "In this repository you will find several examples for Veracode implementations created by the [M3Corp](https://github.com/M3Corp-Community) team. In the [Pipelines](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines) folder you can find how to implement in the most diverse CI/CD tools, such as [Azure](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/Az%20DevOps), [GitLab](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/GitLab), [GitHub Actions](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/GitHub%20Actions) and [Jenkins](https://github.com/M3Corp-Community/Veracode/tree/main/Pipelines/Jenkins). Other implementation examples such as running in a [terminal](https://github.com/M3Corp-Community/Veracode/tree/main/SOs) and [translating the results](https://github.com/M3Corp-Community/Veracode/tree/main/FreeStyle) are also available. 
We normally publish in Portuguese, but the examples are completely understandable in other languages", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Jenkins (Jenkins Shell)", "link": "https://github.com/ian-c-leonard/veracode_jenkins_shell", "author": {"name": "Ian C Leonard", "profile_link": "https://github.com/ian-c-leonard"}, "description": "unofficial Veracode shell integration for Jenkins Freestyle projects.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-badges", "link": "https://github.com/Lerer/veracode-badge", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "produces badges for READMEs and other artifact repositories showing the status of Veracode policy scans.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Community SAST Azure DevOps Extension", "link": "https://github.com/MetLife/VeracodeCommunitySAST", "author": {"name": "MetLife", "profile_link": "https://github.com/MetLife/"}, "description": "Seamlessly integrate Veracode SAST scans with Azure DevOps build pipelines (using Pipeline Scan).", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-serverless-webhooks", "link": "https://github.com/Lerer/serverless-veracode-webhooks", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer"}, "description": "enables Veracode customers who want to use the Veracode Upload-and-Scan Static and SCA (not the Pipeline or the IDE scans) and get updates back in an asynchronous manner.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Verademo", "link": "https://github.com/christyson/verademo", "author": {"name": "christyson", "profile_link": "https://github.com/christyson"}, "description": "custom fork of Verademo, featuring sample pipeline configurations for Bitbucket, Jenkins and Azure Pipelines.", "categories": 
{"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "XebiaLabs Release Veracode Plugin", "link": "https://github.com/xebialabs-community/xlr-veracode-plugin", "author": {"name": "XebiaLabs-Community", "profile_link": "https://github.com/xebialabs-community"}, "description": "XL Release for Veracode test automation.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-yml-sample-pipelines", "link": "https://github.com/victor-secops/Veracode-yml-sample-pipelines", "author": {"name": "Victor-secops", "profile_link": "https://github.com/victor-secops/"}, "description": "example YML files for Azure DevOps, Jenkins, GitLab, CircleCI. Pipelines include Veracode SCA Agent scans, Veracode Static Analysis policy and pipeline scans.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-aws-documentation", "link": "https://github.com/ClintPollock/Veracode-AWS-Code-Suite-Getting-Started-Guide", "author": {"name": "Clintpollock", "profile_link": "https://github.com/Clintpollock"}, "description": "How to setup an AWS CodeSuite with Veracode Static Analysis, Software Composition Analysis, and Dynamic Analysis.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "veracode-examples", "link": "https://github.com/restonlogic/veracode-examples", "author": {"name": "Brandon Samuel", "profile_link": "https://github.com/Engrave-zz"}, "description": "This repository contains veracode examples in the form of use cases that can be run in end-user environments. Kubernetes. AWS CodePipeline. CircleCi to GCP Functions. 
Multi-tiered application leveraging various languages.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Azure YML Samples", "link": "https://github.com/Clintpollock/VeracodeAzureYMLSamples/", "author": {"name": "Clintpollock", "profile_link": "https://github.com/Clintpollock"}, "description": "Samples of Azure YML files that work with Veracode scanning", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Community SCA Azure DevOps Extension", "link": "https://github.com/MetLife/VeracodeCommunitySCA", "author": {"name": "MetLife", "profile_link": "https://github.com/MetLife/VeracodeCommunitySCA"}, "description": "Seamlessly integrate Veracode Agent-Based SCA scans with Azure DevOps build or release pipelines.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Dynamic Analysis Azure Sample", "link": "https://github.com/jphillips-vc/Veracode-Dynamic-Analysis-Azure-Example", "author": {"name": "Jphillips-vc", "profile_link": "https://github.com/jphillips-vc/"}, "description": "Veracode Dynamic Analysis Azure Sample including script based authentication, and ISM configuration.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Flaw Importer", "link": "https://github.com/julz0815/veracode_flaw_importer", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "GitHub Action to import static policy findings to GitHub Security Code Scanning Alerts.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Flaw Importer Postprocessing", "link": "https://github.com/cadonuno/ADOWorkItemsPostProcess", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Plugin made to run after the regular import to update the work items with an assigned user and a linked Work Item.", "categories": {"category": 
"Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode for Azure DevOps Pipelines", "link": "https://github.com/zoekdestep/veracode-ado-pipelines", "author": {"name": "zoekdestep", "profile_link": "https://github.com/zoekdestep/"}, "description": "Yaml files to get started with Veracode on Azure DevOps. Accompanies this [blog post](https://community.veracode.com/s/blog/user-story-how-we-set-up-veracode-in-a-large-azure-project-MCT4HNONEE55CIFA6O3ULXNUW2BI).", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Azure DevOps Pipeline-Scan plugin", "link": "https://github.com/julz0815/ADO-Veracode-Pipeline-Scan-Plugin", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "This plugin should make it easier to run the Veracode pipeline scan on Azure DevOps pipelines. The full scan jar is included within the plugin and don't need to be downloaded each time when the pipeline runs. In addition it will populate an additional tab on your pipeline run to display results in a more convinient way. 
The plugin will automatically update itself every night if a new version of the piepline scan jar is published.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "SCA Findings to Work Items", "link": "https://github.com/cadonuno/SCAFindingsToWorkItems", "author": {"name": "Cadonuno", "profile_link": "https://github.com/cadonuno/"}, "description": "Saves new Veracode SCA findings as Azure DevOps Work Items.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Azure DevOps promote scan", "link": "https://github.com/dmedeiros-veracode/devops-scripts-azure-devops/blob/main/jobs/veracode-sast-platform-release-candidate-promote-job.yml", "author": {"name": "dmedeiros-veracode", "profile_link": "https://github.com/dmedeiros-veracode"}, "description": "This repository contains Azure DevOps scripts that can be referenced and used for integration with Veracode Analysis tools.", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Veracode Application Sandboxes Helper", "link": "https://github.com/marketplace/actions/veracode-application-sandboxes-helper", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "An Action to handle Sandboxes mainly as a set of clean-up activities such as: deleting a sandbox and promoting Sandbox scan to Policy Scan with or without deleting the sandbox", "categories": {"category": "Developer tools", "subcategory": "CI/CD"}}, {"name": "Gradle", "link": "https://github.com/calgaryscientific/veracode-gradle-plugin", "author": {"name": "CalgaryScientific](https://github.com/calgaryscientific), based on [Kctang", "profile_link": "https://github.com/calgaryscientific), based on [Kctang](https://github.com/kctang/"}, "description": "Set of Gradle tasks, usable either as a command line submission tool or integrated as part of a continuous integration build process, to perform Veracode submission for applications and scan 
results for flaws.", "categories": {"category": "Developer tools", "subcategory": "Build tools"}}, {"name": "Sbt-veracode", "link": "https://github.com/sullis/sbt-veracode", "author": {"name": "Sullis", "profile_link": "https://github.com/sullis/"}, "description": "sbt plugin for Veracode.", "categories": {"category": "Developer tools", "subcategory": "Build tools"}}, {"name": "VSCode-Veracode", "link": "https://gitlab.com/buzzcode/VSCode-Veracode", "author": {"name": "Buzzcode", "profile_link": "https://gitlab.com/buzzcode/VSCode-Veracode"}, "description": "a plugin for Visual Studio Code that enables integration with Veracode Static Analysis. Currently, this only supports flaw download, but will be enhanced to support upload as well in the future.", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "vsccode-veracode-sca", "link": "https://github.com/Lerer/vscode-veracode-sca", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "A very simple plugin for Veracode SCA to get agent-base SCA results into VSCode IDE.", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "unofficial-vs-code-veracode-pipeline-scan", "link": "https://github.com/ctcampbell/unofficial-vs-code-veracode-pipeline-scan", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell/"}, "description": "Scan an app with Veracode Pipeline Scan, and load results from a Veracode Pipeline Scan. 
[Link to the plugin in VSCode marketplace](https://marketplace.visualstudio.com/items?itemName=ctcampbell-com.unofficial-vs-code-veracode)", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "Veracode Unified Plugin Unofficial Version", "link": "https://github.com/Lerer/VSCode-Veracode-Unified", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/"}, "description": "VSCode plugin which integrate with the Veracode platform and enables downloading of scan results (findings) for both Static and SCA (Upload-and-Scan), run pipeline scan, and submit mitigations [Link to the plugin in VSCode marketplace](https://marketplace.visualstudio.com/items?itemName=YaakovLerer.veracode)", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "Jetbrains family plugin", "link": "https://github.com/geraldtancl/veracode.plugin", "author": {"name": "GeraldTanCL", "profile_link": "https://github.com/geraldtancl"}, "description": "Compliments Veracode's official IntelliJ IDE integration with support for other Jetbrains IDE products. 
It enables you to download the SAST result from Veracode Platform into your Jetbrains IDE.", "categories": {"category": "Developer tools", "subcategory": "IDEs"}}, {"name": "Insomnia", "link": "https://github.com/veracode/insomnia-plugin-veracode-hmac", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "Adds an HMAC authentication header to Veracode API requests in Insomnia.", "categories": {"category": "Developer tools", "subcategory": "API testing tools"}}, {"name": "Veracode-Postman", "link": "https://github.com/veracode/veracode-postman", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "Pre-request authentication script and instructions for accessing Veracode APIs from Postman.", "categories": {"category": "Developer tools", "subcategory": "API testing tools"}}, {"name": "Ansible", "link": "https://github.com/telusdigital/ansible-veracode-scanner", "author": {"name": "Telus Digital", "profile_link": "https://github.com/telusdigital"}, "description": "allows uploading and scanning with Veracode from Ansible, with an option to send results to a Slack channel", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Flowdock", "link": "https://github.com/brian1917/vcodeFlowdockNotifier", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Utility designed to be run in a build process after a Veracode scan to notify a Flowdock flow that the scan completed. 
Optional to include policy compliance info in notification.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "PowerShell", "link": "https://github.com/unregistered436/veracode-integrations/tree/master/powershell", "author": {"name": "Unregistered436", "profile_link": "https://github.com/unregistered436"}, "description": "PowerShell script for pushing binaries to Veracode using Java API.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Slack", "link": "https://github.com/ctcampbell/veracode-slack-slash-command", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "AWS Lambda commands that provide the ability to access Veracode application and build information from Slack.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "SonarQube", "link": "https://gitlab.com/buzzcode/SonarQube-Veracode", "author": {"name": "Buzzcode", "profile_link": "https://gitlab.com/buzzcode"}, "description": "Unofficial Veracode plugin for SonarQube.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Veracode QuickScan", "link": "https://github.com/relaxnow/veracode-quick-scan", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "PHP example of how to connect to the APIs, scan a couple of files and get results.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "veracode-tools", "link": "https://github.com/ctcampbell/veracode-tools", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Docker image with all Veracode tools pre-installed.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Veracode Upload and Scan Shell Script", "link": "https://github.com/christyson/Veracode-Upload-and-Scan-Shell-Script", "author": {"name": "Christyson", "profile_link": 
"https://github.com/christyson/"}, "description": "A shell script to upload and scan a application (zip or war etc.) and create the application if necessary. Uses Curl and hmac headers.", "categories": {"category": "Developer tools", "subcategory": "Other"}}, {"name": "Pipeline2DetailedReport", "link": "https://github.com/jphillips-vc/pipeline2detailedreport", "author": {"name": "JPhillips-vc", "profile_link": "https://github.com/jphillips-vc/"}, "description": "translate Veracode Pipeline Scan results into DetailedReport XML format, allowing you to import them into an IDE plugin for remediation.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "pipeline2html", "link": "https://github.com/victor-secops/pipeline2html", "author": {"name": "Victor-secops", "profile_link": "https://github.com/victor-secops/"}, "description": "run a Veracode Pipeline Scan and generate a human-readable .HTML file from the Veracode pipeline verification results.json file.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "veracode-pipeline-PR-comment", "link": "https://github.com/Lerer/veracode-pipeline-PR-comment", "author": {"name": "Lerer", "profile_link": "https://github.com/Lerer/veracode-pipeline-PR-comment"}, "description": "Sends output of Pipeline Scan to a comment on a pull request.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "veracode-pipeline-with-baseline", "link": "https://github.com/runkalicious/veracode-pipeline-with-baseline", "author": {"name": "Runkalicious", "profile_link": "https://github.com/runkalicious/"}, "description": "GitHub Action to perform a Veracode Pipeline Scan and, optionally, compare the results against a set of baseline results.", "categories": {"category": "Pipeline Scan projects", "subcategory": null}}, {"name": "veracode-da-reset-scheduler", "link": "https://github.com/dennismedeiros/veracode-da-reset-recheduler", "author": {"name": 
"dennismedeiros", "profile_link": "https://github.com/dennismedeiros"}, "description": "Resets all recurrent scheduled analysis jobs configured for one year that have expired.", "categories": {"category": "Dynamic Analysis projects", "subcategory": null}}, {"name": "Veracode Dynamic Analysis Examples", "link": "https://github.com/anon-veracoder/veracode-dynamic-analysis-api-examples", "author": {"name": "anon-veracoder", "profile_link": "https://github.com/anon-veracoder"}, "description": "Dynamic Analysis API Examples. Currently includes example code for using the Scanner Variables feature, where credentials can be defined and updated at the account level, and referenced in Selenium login scripts.", "categories": {"category": "Dynamic Analysis projects", "subcategory": null}}, {"name": "Excel (XLS)", "link": "https://github.com/Komiblanka/Veracode2xls", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "(XLSX)", "link": "https://github.com/Komiblanka/Veracode2xlsx", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate License Notice file", "link": "https://github.com/gmdavef/sca-scripts", "author": {"name": "Dave Ferguson", "profile_link": "https://github.com/gmdavef"}, "description": "Python script that creates a License Notice file (sometimes called an Attribution Report) for an application that has been scanned by Veracode SCA.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate SBOM", "link": 
"https://github.com/christyson/GenerateSBOM", "author": {"name": "Chris Tyson", "profile_link": "https://github.com/christyson"}, "description": "Python script to generate a Software Bill of Materials (SBOM) for an application in either CycloneDX or SPDX format.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Hygieia", "link": "https://github.com/mickfeech/hygieia_veracode_collector", "author": {"name": "Mickfeech", "profile_link": "https://github.com/mickfeech/"}, "description": "Veracode scan collector and parser for the [Hygieia dashboard](https://github.com/Hygieia/ExecDashboard).", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "JupiterOne Graph Veracode", "link": "https://github.com/JupiterOne/graph-veracode", "author": {"name": "JupiterOne", "profile_link": "https://github.com/JupiterOne/"}, "description": "A graph conversion tool for Veracode.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "SCA Extractor", "link": "https://github.com/brian1917/vcodeSCAExtractor", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917"}, "description": "Creates a CSV file with open source vulnerability (SCA) findings for all builds in the input file.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Scan results to HTML", "link": "https://github.com/cadonuno/VeracodeContainerScanToHtml", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno"}, "description": "Converts the JSON output of a Veracode container scan into HTML.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Compare", "link": "https://github.com/antfie/scan_compare", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Use this tool to compare two Veracode Static 
Analysis (SAST) scans to understand why they are different.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Health", "link": "https://github.com/antfie/scan_health", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Produces a SAST scan health report with guidance on changes to make in order to improve the packaging and module selection to achieve greater flaw accuracy.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Stats", "link": "https://github.com/ctcampbell/veracode-stats", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Summary statistics for a Veracode account on the command line.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraData", "link": "https://github.com/sebcoles/VeraData", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "Console application that will retrieve data (all scans, flaws, mitigations etc) for a given AppId and store the results in a relational schema (only supports MSSQL Server currently) ready for plugging your favourite BI tool into!", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraCustomTriage", "link": "https://github.com/sebcoles/VeraCustomTriage", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "App that generates a .xlsx remediation plan from a set of scan results augmented with text from JSON configuration files. Custom text is added when flaw criteria is met (such as a CWE ID, module name, file or line number). This allows custom text such as internal workflows, wiki links, training, code snippets, 2nd party information or other languages into the auto generated remediation plan. 
Enables app sec teams to triage large volumes of flaws quickly whilst sharing a core advice repository in code.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Windows", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Framework utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter Portable (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Portable", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Core utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab SCA results report and issue generation", "link": "https://gitlab.com/julz0815/scaresultsreport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "Rewrites Veracode's Agent Based SCA json results in Gitlab readable report format in (orde)r to display results as dependency scanning on the pipeline run", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab static results report and issue generation", "link": "https://gitlab.com/julz0815/veracodesastresultsimport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "A little Java Script will download json results from a Veracode policy or sandbox scan into Gitlab readable report format in order display results as SAST results on the pipeline run and create Gitlab issues on the findings", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": 
"veracode-to-csv", "link": "https://github.com/ctcampbell/veracode-to-csv", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "This script outputs one CSV file per scan per application profile visible in a Veracode platform account. The output can be imported into Splunk for further analysis.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VCCLI", "link": "https://github.com/michaelhorty/VCCLI", "author": {"name": "Michaelhorty", "profile_link": "https://github.com/michaelhorty"}, "description": "Veracode AST and Security Labs utility in .NET Core.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Security Display (Unofficial)", "link": "https://relaxnow.github.io/vcsd/", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "Display, sort and filter Container Security JSON results.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "TopDesk", "link": "https://github.com/daniel-marchi/Veracode.Integration.TopDesk", "author": {"name": "Daniel-Marchi", "profile_link": "https://github.com/daniel-marchi"}, "description": "Integration with ITSM | CSC | ESM tool called [TopDesk](https://www.topdesk.com/).", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Azure AD SAML SSO Autocreating teams", "link": "https://dev.azure.com/jtotzek/_git/AD-Veracode-Teams", "author": {"name": "Jtotzek", "profile_link": "https://dev.azure.com/jtotzek/"}, "description": "Code and documentation on configuring Azure Active Directory to automatically create teams as part of the just-in-time provisioning workflow via SAML.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode API Credentials Expiry", "link": 
"https://github.com/christyson/veracode-python-api_credentials_expiry-example", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson"}, "description": "A simple example to get the exiration dates of api credentials for your users.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode Get User List", "link": "https://github.com/christyson/veracode_get_user_list", "author": {"name": "Christyson", "profile_link": "https://github.com/christyson/"}, "description": "Get a list of users with their attributes.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode Offboard", "link": "https://github.com/tjarrettveracode/veracode-offboard", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "Deactivates a provided list of users on the Veracode Platform.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode User Bulk Role Assign", "link": "https://github.com/tjarrettveracode/veracode-user-bulk-role-assign", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode/"}, "description": "Uses the Veracode Identity API to add roles (Security Labs User, Greenlight IDE User, or eLearning) to existing users.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode UM Powershell Tool", "link": "https://github.com/IGDEXE/Veracode-UM-Tool", "author": {"name": "IGD753", "profile_link": "https://github.com/IGDEXE"}, "description": "A completed User management tool write in Powershell using the Veracode APIs. You can use to create, block, delete and update users, in Windows, Linux or Mac terminal. 
This a simplified and translated version from the original in [Portuguese](https://github.com/IGDEXE/Veracode-UM).", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode UM Powershell Tool in Portuguese", "link": "https://github.com/IGDEXE/Veracode-UM", "author": {"name": "IGD753", "profile_link": "https://github.com/IGDEXE"}, "description": "A completed User management tool write in Powershell using the Veracode APIs. This version is completed in Portuguese, and you can use to create, block, delete and update users, in Windows, Linux or Mac terminal.", "categories": {"category": "User provisioning, management and deprovisioning", "subcategory": null}}, {"name": "Veracode Archer", "link": "https://github.com/veracode/veracode-archer", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "Script to export a Veracode Archer report file to disk. Usage: set on a timer and run daily or weekly, then import the results into RSA Archer.", "categories": {"category": "Application vulnerability correlation", "subcategory": null}}, {"name": "auth.js", "link": "https://gist.github.com/ThibaudLopez/fe1baeaa4461cbf0bfa8fd258ff43243", "author": {"name": "undefined", "profile_link": "undefined"}, "description": "Veracode custom HMAC request signing algorithm (used for API authorization), written in JavaScript -- uses Web Crypto API instead of the Node Crypto library", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "PythonHMAC", "link": "https://github.com/veracode/veracode-python-hmac-example", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode/"}, "description": "simple example of usage of the Veracode API signing library provided in the Veracode Help Center", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "NodeJS", "link": 
"https://gist.github.com/mrpinghe/f44479f2270ea36bf3b7cc958cc76cc0", "author": {"name": "undefined", "profile_link": "undefined"}, "description": "NodeJS lib, written in JavaScript, to generate authorization header with Veracode API Key and ID. Sample usage in the comment of the gist", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "vcodeHMAC", "link": "https://github.com/brian1917/vcodeHMAC", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "Go package that creates an authorization header using Veracode API Key and ID.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "vcodeHMAC-CLI", "link": "https://github.com/brian1917/vcodeHMAC-CLI", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917/"}, "description": "CLI tool to generate an authorization header for Veracode APIs using API ID and Key. Given an HTTP method and URL, and the location of your Veracode API credentials file, you will get the value of an Authorization header printed out for piping into curl, httpie, or other scripting uses.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "veracode-go-hmac-authentication", "link": "https://github.com/antfie/veracode-go-hmac-authentication", "author": {"name": "antfie", "profile_link": "https://github.com/antfie/"}, "description": "A simple Go package that follows the format of the existing HMAC Authentication Examples found in the [Veracode Help Center](https://docs.veracode.com/r/c_hmac_signing_example_c_sharp).", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "Veracode_HMAC_Auth", "link": "https://github.com/rafaelzm2000/Veracode_HMAC_Auth", "author": {"name": "rafaelzm2000", "profile_link": "https://github.com/rafaelzm2000/"}, "description": "A PowerShell example for doing HMAC authentication to the Veracode APIs.", "categories": 
{"category": "HMAC Signing libraries", "subcategory": null}}, {"name": "Using curl and openssl to access the Veracode API endpoint", "link": "https://gist.github.com/m9aertner/7ae804a5297617456f81c8b5a3a9305b", "author": {"name": "m9aertner", "profile_link": "https://gist.github.com/m9aertner"}, "description": "short article illustrating use of built-in shell tools to handle HMAC signing and send API requests from the command line.", "categories": {"category": "HMAC Signing libraries", "subcategory": null}}, {"name": ".NET Core Nuget Package Wrapper", "link": "https://github.com/sebcoles/VeracodeServicesCore", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "C# NuGet package that wraps XML APIs", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "Go wrapper", "link": "https://github.com/brian1917/vcodeapi", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917"}, "description": "Wrapper written in Go for easy use of Veracode APIs", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "node-veracode-api-client", "link": "https://github.com/m4l1c3/node-veracode-api-client", "author": {"name": "M4l1c3", "profile_link": "https://github.com/m4l1c3/"}, "description": "Node.js API client.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "veracode-api (Ruby)", "link": "https://github.com/mort666/veracode-api", "author": {"name": "Mort666", "profile_link": "https://github.com/mort666/"}, "description": "Ruby Wrapper for the Veracode API.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "veracode-api-clients", "link": "https://github.com/jourzero/veracode-api-clients", "author": {"name": "Jourzero", "profile_link": "https://github.com/jourzero/"}, "description": "Client code using the Veracode REST and XML APIs. 
Includes handlers for Veracode Dynamic Analysis scanning.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "veracode-api-py", "link": "https://github.com/tjarrettveracode/veracode-api-py", "author": {"name": "Tjarrettveracode", "profile_link": "https://github.com/tjarrettveracode"}, "description": "Python helper library for working with the Veracode APIs. Handles retries, pagination, and other features of the modern Veracode REST APIs.", "categories": {"category": "API wrappers", "subcategory": null}}, {"name": "Bash shell", "link": "https://github.com/aparsons/Veracode", "author": {"name": "Aparsons", "profile_link": "https://github.com/aparsons/"}, "description": "Bash script for scanning a directory of code with the Veracode platform.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "F5 WAF", "link": "https://github.com/julz0815/veracode-dynamic-2-F5-waf-export", "author": {"name": "Julz0815", "profile_link": "https://github.com/julz0815/"}, "description": "Transforms Veracode dynamic result files into the F5 generic scanner result format for import into the F5 web application firewall.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "verapi", "link": "https://github.com/fsclyde/verapi", "author": {"name": "Fsclyde", "profile_link": "https://github.com/fsclyde/"}, "description": "Lambda function for automating Veracode static scans", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "veracode-api (Node)", "link": "https://github.com/kinichahau87/veracode-api", "author": {"name": "Kinichahau87", "profile_link": "https://github.com/~kinichahau87"}, "description": "Node.js package for automating Veracode scanning from the command line.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "Veracode-cli", "link": "https://github.com/adidas/veracode-cli", "author": {"name": "Adidas", "profile_link": 
"https://github.com/adidas"}, "description": "Automated way to check application status and DevSecops compliance.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "Veracode Notifier", "link": "https://github.com/ctcampbell/veracode-notifier", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Lambda function that sends a message to a web hook, for instance for use with Slack", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "VeraHooks Mitigation Webhooks", "link": "https://github.com/sebcoles/VeraHooks", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "React .NET Core solution for creating custom webhooks that watch application profiles and trigger when mitigations meet specified conditions.", "categories": {"category": "Other integrations", "subcategory": null}}, {"name": "Secure cryptography examples for Java", "link": "https://github.com/1MansiS/java_crypto", "author": {"name": "1MansiS", "profile_link": "https://github.com/1MansiS/"}, "description": "Code samples showing how to use the Java Crypto API securely. 
Accompanying code for the [Java Crypto blog series](https://www.veracode.com/blog/research/how-get-started-using-java-cryptography-securely).", "categories": {"category": "Secure coding examples", "subcategory": null}}, {"name": "VeraDemo", "link": "https://github.com/jtsmith2020/verademo-java", "author": {"name": "Jtsmith2020", "profile_link": "https://github.com/jtsmith2020/"}, "description": "Sample insecure application written in Java and Javascript, showing vulnerabilities in realistic Java code.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "VeraDemoAPI", "link": "https://github.com/veracode/verademo-javascript-api", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode"}, "description": "Sample insecure application written in Javascript, showing vulnerabilities in realistic Javascript code.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "VeraDemoJava", "link": "https://github.com/veracode/verademo-java-web", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode"}, "description": "Sample insecure application written in Java, showing vulnerabilities in realistic Java code.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "VeraDemoDocker", "link": "https://github.com/veracode/verademo-app-docker", "author": {"name": "Veracode", "profile_link": "https://github.com/veracode"}, "description": "Bringing the 2 demo apps above VeraDemoJave and VeraDemoAPI together and start them within a docker environment. You will get a Java Web Application, a JavaScript node express API. 
a MySQL database and a vulnerable container.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "NodeGoat", "link": "https://github.com/buzzcode/NodeGoat", "author": {"name": "Buzzcode", "profile_link": "https://github.com/buzzcode/"}, "description": "NodeGoat, built w/CircleCI, showing how to use a yaml file to scan w/Veracode.", "categories": {"category": "Insecure applications", "subcategory": null}}, {"name": "Security Labs Scripts", "link": "https://github.com/gmdavef/security-labs-scripts", "author": {"name": "Dave Ferguson", "profile_link": "https://github.com/gmdavef"}, "description": "Python scripts to automate various administrative tasks in Veracode Security Labs.", "categories": {"category": "Automating Security Labs tasks", "subcategory": null}}]} \ No newline at end of file diff --git a/community-feed/results-collection-and-display.json b/community-feed/results-collection-and-display.json index a6d9488..12de259 100644 --- a/community-feed/results-collection-and-display.json +++ b/community-feed/results-collection-and-display.json 
@@ -1 +1 @@ -{"results-collection-and-display": [{"name": "Excel (XLS)", "link": "https://github.com/Komiblanka/Veracode2xls", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "(XLSX)", "link": "https://github.com/Komiblanka/Veracode2xlsx", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate License Notice file", "link": "https://github.com/gmdavef/sca-scripts", "author": {"name": "Dave Ferguson", "profile_link": "https://github.com/gmdavef"}, "description": "Python script that creates a License Notice file (sometimes called an Attribution Report) for an application that has been scanned by Veracode SCA.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate SBOM", "link": "https://github.com/christyson/GenerateSBOM", "author": {"name": "Chris Tyson", "profile_link": "https://github.com/christyson"}, "description": "Python script to generate a Software Bill of Materials (SBOM) for an application in either CycloneDX or SPDX format.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Hygieia", "link": "https://github.com/mickfeech/hygieia_veracode_collector", "author": {"name": "Mickfeech", "profile_link": "https://github.com/mickfeech/"}, "description": "Veracode scan collector and parser for the [Hygieia dashboard](https://github.com/Hygieia/ExecDashboard).", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "JupiterOne Graph 
Veracode", "link": "https://github.com/JupiterOne/graph-veracode", "author": {"name": "JupiterOne", "profile_link": "https://github.com/JupiterOne/"}, "description": "A graph conversion tool for Veracode.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "SCA Extractor", "link": "https://github.com/brian1917/vcodeSCAExtractor", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917"}, "description": "Creates a CSV file with open source vulnerability (SCA) findings for all builds in the input file.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Scan results to HTML", "link": "https://github.com/cadonuno/VeracodeContainerScanToHtml", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno"}, "description": "Converts the JSON output of a Veracode container scan into HTML.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Compare", "link": "https://github.com/antfie/scan_compare", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Use this tool to compare two Veracode Static Analysis (SAST) scans to understand why they are different.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Health", "link": "https://github.com/antfie/scan_health", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Produces a SAST scan health report with guidance on changes to make in order to improve the packaging and module selection to achieve greater flaw accuracy.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Stats", "link": "https://github.com/ctcampbell/veracode-stats", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Summary statistics for 
a Veracode account on the command line.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraData", "link": "https://github.com/sebcoles/VeraData", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "Console application that will retrieve data (all scans, flaws, mitigations etc) for a given AppId and store the results in a relational schema (only supports MSSQL Server currently) ready for plugging your favourite BI tool into!", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraCustomTriage", "link": "https://github.com/sebcoles/VeraCustomTriage", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "App that generates a .xlsx remediation plan from a set of scan results augmented with text from JSON configuration files. Custom text is added when flaw criteria is met (such as a CWE ID, module name, file or line number). This allows custom text such as internal workflows, wiki links, training, code snippets, 2nd party information or other languages into the auto generated remediation plan. 
Enables app sec teams to triage large volumes of flaws quickly whilst sharing a core advice repository in code.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Windows", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Framework utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter Portable (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Portable", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Core utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab SCA results report and issue generation", "link": "https://gitlab.com/julz0815/scaresultsreport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "Rewrites Veracode's Agent Based SCA json results in Gitlab readable report format in (orde)r to display results as dependency scanning on the pipeline run", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab static results report and issue generation", "link": "https://gitlab.com/julz0815/veracodesastresultsimport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "A little Java Script will download json results from a Veracode policy or sandbox scan into Gitlab readable report format in order display results as SAST results on the pipeline run and create Gitlab issues on the findings", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": 
"veracode-to-csv", "link": "https://github.com/ctcampbell/veracode-to-csv", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "This script outputs one CSV file per scan per application profile visible in a Veracode platform account. The output can be imported into Splunk for further analysis.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VCCLI", "link": "https://github.com/michaelhorty/VCCLI", "author": {"name": "Michaelhorty", "profile_link": "https://github.com/michaelhorty"}, "description": "Veracode AST and Security Labs utility in .NET Core.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Security Display (Unofficial)", "link": "https://relaxnow.github.io/vcsd/", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "Display, sort and filter Container Security JSON results.", "categories": {"category": "Results collection and display", "subcategory": null}}]} \ No newline at end of file +{"results-collection-and-display": [{"name": "Excel (XLS)", "link": "https://github.com/Komiblanka/Veracode2xls", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "(XLSX)", "link": "https://github.com/Komiblanka/Veracode2xlsx", "author": {"name": "Komiblanka", "profile_link": "https://github.com/Komiblanka/"}, "description": "Python scripts to format Veracode XML results into Excel workbook formats for easier human consumption.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate License Notice file", "link": "https://github.com/gmdavef/sca-scripts", "author": {"name": "Dave 
Ferguson", "profile_link": "https://github.com/gmdavef"}, "description": "Python script that creates a License Notice file (sometimes called an Attribution Report) for an application that has been scanned by Veracode SCA.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Generate SBOM", "link": "https://github.com/christyson/GenerateSBOM", "author": {"name": "Chris Tyson", "profile_link": "https://github.com/christyson"}, "description": "Python script to generate a Software Bill of Materials (SBOM) for an application in either CycloneDX or SPDX format.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Hygieia", "link": "https://github.com/mickfeech/hygieia_veracode_collector", "author": {"name": "Mickfeech", "profile_link": "https://github.com/mickfeech/"}, "description": "Veracode scan collector and parser for the [Hygieia dashboard](https://github.com/Hygieia/ExecDashboard).", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "JupiterOne Graph Veracode", "link": "https://github.com/JupiterOne/graph-veracode", "author": {"name": "JupiterOne", "profile_link": "https://github.com/JupiterOne/"}, "description": "A graph conversion tool for Veracode.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "SCA Extractor", "link": "https://github.com/brian1917/vcodeSCAExtractor", "author": {"name": "Brian1917", "profile_link": "https://github.com/brian1917"}, "description": "Creates a CSV file with open source vulnerability (SCA) findings for all builds in the input file.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Scan results to HTML", "link": "https://github.com/cadonuno/VeracodeContainerScanToHtml", "author": {"name": "cadonuno", "profile_link": "https://github.com/cadonuno"}, "description": "Converts the JSON output of a 
Veracode container scan into HTML.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Compare", "link": "https://github.com/antfie/scan_compare", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Use this tool to compare two Veracode Static Analysis (SAST) scans to understand why they are different.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Scan Health", "link": "https://github.com/antfie/scan_health", "author": {"name": "antfie", "profile_link": "https://github.com/antfie"}, "description": "Produces a SAST scan health report with guidance on changes to make in order to improve the packaging and module selection to achieve greater flaw accuracy.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Stats", "link": "https://github.com/ctcampbell/veracode-stats", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "Summary statistics for a Veracode account on the command line.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraData", "link": "https://github.com/sebcoles/VeraData", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "Console application that will retrieve data (all scans, flaws, mitigations etc) for a given AppId and store the results in a relational schema (only supports MSSQL Server currently) ready for plugging your favourite BI tool into!", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VeraCustomTriage", "link": "https://github.com/sebcoles/VeraCustomTriage", "author": {"name": "Seb Coles", "profile_link": "https://github.com/sebcoles"}, "description": "App that generates a .xlsx remediation plan from a set of scan results augmented with text from JSON 
configuration files. Custom text is added when flaw criteria is met (such as a CWE ID, module name, file or line number). This allows custom text such as internal workflows, wiki links, training, code snippets, 2nd party information or other languages into the auto generated remediation plan. Enables app sec teams to triage large volumes of flaws quickly whilst sharing a core advice repository in code.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Windows", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Framework utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Report Converter Portable (CSV)", "link": "https://github.com/dipsylala/VeracodeReportConverter-Portable", "author": {"name": "Dipsylala", "profile_link": "https://github.com/dipsylala/"}, "description": ".NET Core utility to extract useful data from Detailed Report XML file into CSV format", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab SCA results report and issue generation", "link": "https://gitlab.com/julz0815/scaresultsreport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "Rewrites Veracode's Agent Based SCA json results in Gitlab readable report format in (orde)r to display results as dependency scanning on the pipeline run", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Gitlab static results report and issue generation", "link": "https://gitlab.com/julz0815/veracodesastresultsimport", "author": {"name": "julz0815", "profile_link": "https://gitlab.com/julz0815/"}, "description": "A little Java Script will 
download json results from a Veracode policy or sandbox scan into Gitlab readable report format in order display results as SAST results on the pipeline run and create Gitlab issues on the findings", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "veracode-to-csv", "link": "https://github.com/ctcampbell/veracode-to-csv", "author": {"name": "Ctcampbell", "profile_link": "https://github.com/ctcampbell"}, "description": "This script outputs one CSV file per scan per application profile visible in a Veracode platform account. The output can be imported into Splunk for further analysis.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "VCCLI", "link": "https://github.com/michaelhorty/VCCLI", "author": {"name": "Michaelhorty", "profile_link": "https://github.com/michaelhorty"}, "description": "Veracode AST and Security Labs utility in .NET Core.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "Veracode Container Security Display (Unofficial)", "link": "https://relaxnow.github.io/vcsd/", "author": {"name": "relaxnow", "profile_link": "https://github.com/relaxnow"}, "description": "Display, sort and filter Container Security JSON results.", "categories": {"category": "Results collection and display", "subcategory": null}}, {"name": "TopDesk", "link": "https://github.com/daniel-marchi/Veracode.Integration.TopDesk", "author": {"name": "Daniel-Marchi", "profile_link": "https://github.com/daniel-marchi"}, "description": "Integration with ITSM | CSC | ESM tool called [TopDesk](https://www.topdesk.com/).", "categories": {"category": "Results collection and display", "subcategory": null}}]} \ No newline at end of file