Composite action for policy and sandbox scan with workflowApp parameter and SCA scan break build functionality

skumariV · skumariV · commit d06b050588ec · 2025-10-28T18:18:00.000+05:30
diff --git a/.github/workflows/binary-ready-veracode-sast-policy-scan.yml b/.github/workflows/binary-ready-veracode-sast-policy-scan.yml
@@ -87,6 +87,8 @@ jobs:
           scantimeout: 30
           failbuild: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
           deleteincompletescan: true
+          workflowApp: true
+
 
       - name: Veracode Policy Results
         id: prepare-results
diff --git a/.github/workflows/veracode-policy-scan.yml b/.github/workflows/veracode-policy-scan.yml
@@ -90,6 +90,7 @@ jobs:
           failbuild: ${{ inputs.break_build_policy_findings }}
           gitRepositoryUrl: ${{ github.server_url }}/${{ inputs.source_repository }}
           deleteincompletescan: true
+          workflowApp: true
 
       - name: Veracode Policy Results
         id: prepare-results
diff --git a/.github/workflows/veracode-sca-scan.yml b/.github/workflows/veracode-sca-scan.yml
@@ -82,9 +82,10 @@ jobs:
         env:
           SRCCLR_API_TOKEN: ${{ secrets.VERACODE_AGENT_TOKEN }}
           JAVA_OPTS: -Xms2g -Xmx4g
-        uses: veracode/veracode-sca@v2.1.13
+        uses: veracode/veracode-sca@v2.1.14
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           create-issues: false
           recursive: true
           allow-dirty: true
+          breakBuildOnPolicyFindings: ${{ github.event.client_payload.user_config.break_build_policy_findings }}
diff --git a/veracode.yml b/veracode.yml
@@ -57,6 +57,7 @@ veracode_sca_scan:
   # If the break_build_on_error is set to true, the build will break if the scan failed to complete or with an error, no libraries were found, 
   # or no build system was found and the error_message will be displayed.
   break_build_on_error: true
+  break_build_policy_findings: true
   error_message: "Veracode SCA scan faced a problem. Please contact your Veracode administrator for more information."
   # If the trigger is set to true, a scan is triggered when you create an issue containing the commands value or add a comment containing the commands value to an issue.
   # Syntax to be used - COMMANDS_VALUE [branch: BRANCH_NAME]
