diniscruz / veracode-api
Repo to hold veracode related issues and code snippets
License: Apache License 2.0
At the moment it is quite aggressive which has some security benefits but makes it a really bad user experience.
That said, this forces me to have the password saved in the browser (since I don't want to type it dozens of times every working session)
Not only is the timeout period very small (see #9), but after logging in again the UI should at least take the user to the last screen (not to the main UI, which is usually 4 to 5 clicks away from the last working location).
At the moment it seems that the only solution is to use the [email protected] email, which is not very efficient and does not capture the questions and answers.
For example using GitHub Issues (like what I'm doing here) would allow the search of issues and for veracode users to learn from each other.
This would work for non company/scan specific issues (or for cases when the issue's target can be anonymized)
or 1 (ok) or 0 (not ok)
At the moment the veracode API returns the current list of applications after the delete is successful, which is the same as calling veracode-app-list
If the app doesn't exist or we don't have access to that app, we get <?xml version="1.0" encoding="UTF-8"?> <error>Access denied.</error>
Related to #13
At the moment most (if not all) links on the veracode UI are javascript:void(0);
This means that there isn't an easy way to open multiple tabs from one of the pages.
A common (desired) workflow is to open the 'Sandbox page' and be able to open each of the projects in a separate tab.
At the moment the only workflow that I have is to open the Sandbox page in each tab, and click on the desired project (one at a time). This is hard with multiple projects since it is easy to miss a project.
A workaround for this would be to use a context menu (see #2) or to set the link with the actual value (instead of using javascript:void(0);)
This should put data in the same repo that will hold the scan results
Used to track:
related to #13
At the moment it is returning an XML salad
related to #13
For example I'm opening an issue which I would like to point to a search result and an article (see pics below)
At the moment the only link that looks available is the https://analysiscenter.veracode.com/auth/index.jsp?subsystem=helpcenter
Note: one workaround is to open the article in a separate tab and copy that link (for example https://analysiscenter.veracode.com/auth/helpCenter/policy/policy_veracodelevel.html )
Given the complexity of the UI, it would help if there was a context menu available via the right-mouse button
This would improve security
given access to veracode engine via UI or API
when a scan is started
and the scan UI page is opened
then there should be an easy way to refresh the content of the UI
Namely the Activity Log
veracode-apps
#15veracode-app-id
,veracode-delete-app
or veracode-app-delete
#14veracode-scan-file
veracode-app-builds
Looking at https://analysiscenter.veracode.com/auth/helpCenter/policy/policy_veracodelevel.html it is not that clear if the scanning rules (and techniques) are dependent on the chosen veracode level.
Namely will there be any difference in the results if I chose
vs
We should get a nice table with the important values: build_id , file_id, file_name
This is what we currently get
<?xml version="1.0" encoding="UTF-8"?>
<filelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="https://analysiscenter.veracode.com/schema/2.0/filelist"
xsi:schemaLocation="https://analysiscenter.veracode.com/schema/2.0/filelist https://analysiscenter.veracode.com/resource/2.0/filelist.xsd"
filelist_version="1.1" account_id="xxx" app_id="xxx" build_id="xxx">
<file file_id="5718780000" file_name="xxx-xxx.zip" file_status="Uploaded"/>
</filelist>
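One way to get the table asked for above, shown as an added example that is not code from this repo: it parses the filelist response into build_id / file_id / file_name rows and turns the `<error>` body quoted in the delete issue into an exception instead of raw XML. The names `parse_filelist`, `render_table` and `ApiError` are hypothetical, and both sample bodies are constructed from the snippets on this page.

```python
import xml.etree.ElementTree as ET

NS = "https://analysiscenter.veracode.com/schema/2.0/filelist"
COLUMNS = ("build_id", "file_id", "file_name")

# Constructed samples, modelled on the two response bodies quoted on this page.
FILELIST_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<filelist xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="https://analysiscenter.veracode.com/schema/2.0/filelist"
 filelist_version="1.1" account_id="xxx" app_id="xxx" build_id="xxx">
 <file file_id="5718780000" file_name="xxx-xxx.zip" file_status="Uploaded"/>
</filelist>"""
ERROR_XML = b'<?xml version="1.0" encoding="UTF-8"?>\n<error>Access denied.</error>'


class ApiError(Exception):
    """Hypothetical exception: the response body was an <error> document."""


def parse_filelist(body: bytes) -> list:
    """Return one dict per <file>, each carrying build_id, file_id, file_name."""
    # The samples carry no DTD, so refuse one outright rather than let the
    # parser expand entity declarations from a remote response.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(body)
    if root.tag == "error":  # e.g. <error>Access denied.</error>
        raise ApiError((root.text or "").strip())
    if root.tag != f"{{{NS}}}filelist":
        raise ValueError(f"unexpected root element: {root.tag}")
    build_id = root.get("build_id", "")  # build_id lives on the root element
    return [
        {"build_id": build_id,
         "file_id": f.get("file_id", ""),
         "file_name": f.get("file_name", "")}
        for f in root.findall(f"{{{NS}}}file")
    ]


def render_table(rows: list) -> str:
    """Render the rows as a fixed-width text table (header, rule, data)."""
    widths = [max([len(c)] + [len(r[c]) for r in rows]) for c in COLUMNS]
    def line(cells):
        return " | ".join(v.ljust(w) for v, w in zip(cells, widths)).rstrip()
    out = [line(COLUMNS), "-+-".join("-" * w for w in widths)]
    out += [line([r[c] for c in COLUMNS]) for r in rows]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_table(parse_filelist(FILELIST_XML)))
```
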