.gitlab-ci.yml

---
image: docker-ro.laputa.veracode.io/agora/buildbox:centos7-m1-java8-latest

stages:
    - build
    - scan

maven:
    stage: build
    script:
        - yum -y install maven
        - mvn compile package
    artifacts:
        paths:
            - target/verademo.war

development-upload-for-sast:
    stage: scan
    only:
        - development
    script:
        - java -jar $HOME/helpers/VeracodeJavaAPI.jar -vid ${TEAM_ANALYSISCENTER_ID} -vkey ${TEAM_ANALYSISCENTER_KEY}
          -action UploadAndScan -appname "Verademo" -createprofile false -autoscan true -sandboxname "gitlab-development"
          -filepath ./target/verademo.war -version "Job ${CI_JOB_ID} in pipeline ${CI_PIPELINE_ID}"
    allow_failure: true
    
release-upload-for-sast:
    stage: scan
    only:
        - release
    script:
        - java -jar $HOME/helpers/VeracodeJavaAPI.jar -vid ${TEAM_ANALYSISCENTER_ID} -vkey ${TEAM_ANALYSISCENTER_KEY}
          -action UploadAndScan -appname "Verademo" -createprofile false -autoscan true -sandboxname "gitlab-release"
          -filepath ./target/verademo.war -version "Job ${CI_JOB_ID} in pipeline ${CI_PIPELINE_ID}"
    allow_failure: true
    
policy-upload-for-sast:
    stage: scan
    only:
        - schedules
        - master
    script:
        - java -jar $HOME/helpers/VeracodeJavaAPI.jar -vid ${TEAM_ANALYSISCENTER_ID} -vkey ${TEAM_ANALYSISCENTER_KEY}
          -action UploadAndScan -appname "Verademo" -createprofile false -autoscan true
          -filepath ./target/verademo.war -version "Job ${CI_JOB_ID} in pipeline ${CI_PIPELINE_ID}"
          -scantimeout 15