A repository for managing different build/publish/package/scan script use cases. The main branch contains the default scripts as created by Veracode Static for Visual Studio 2019 and Veracode Static for Visual Studio 2022. The branches referred to further below contain customizations of these files for various use cases.
If you haven't read the documentation, you should review it here.
All of the files mentioned below are either MSBuild scripts or JSON configuration files and can be customized accordingly.
The main folders and files contained in this repository are:
- main
- Directory.Build.targets
- Veracode.Package.build
- Veracode.props
- veracode-build-microsoft.json
- veracode-project.json
- special
- VeracodePublishProfile.pubxml
- user
- veracode-build-microsoft-user.json
- veracode-project-user.json
These files are created by the extension if they don't already exist with the Wizard (veracode-project.json) or when you build/package (Directory.Build.targets, Veracode.Package.build, Veracode.props, veracode-build-microsoft.json).
They are placed in the solution root of the application.
This file (VeracodePublishProfile.pubxml) is created by the extension when you Publish/Package and you have at least one ASP.NET Framework project.
This file is placed in the Properties/PublishProfiles directory of each ASP.NET Framework project since that project type needs to be precompiled.
The veracode-build-microsoft-user.json file is created by the extension when you build/package, and the veracode-project-user.json is created by the extension using the Wizard.
These files are placed in the C:\Users\{UserName}\.veracode directory, and will override the corresponding files in the solution directory.
See the LICENSE file for details.
The modifications in the branch below show how to create a new Veracode application and sandbox on the platform when you run a scan. The only file you need to update for this example is veracode-project.json.
dhabolt/add-veracode-app-sandbox
If you want to drop some folders/files into a specified directory and have them zipped and uploaded to the platform without doing a Veracode build, this workflow is a great starting point.