This repository was archived by the owner on Mar 20, 2024. It is now read-only.
JonZeolla edited this page Jan 29, 2020 · 5 revisions
Using easy_sast to perform SAST on pull requests is supported through the sandbox_name configuration. In Veracode, a sandbox is similar to an application, except that any vulnerabilities identified do not count against your application's compliance. For more details, see Veracode's documentation here.
Specify a sandbox name, either via:
- sandbox_name under the sandbox api configuration in the config file.
- --sandbox-name at the CLI.
We recommend using a sandbox name that reflects your git repository and branch name, such as easy_sast/fb/jonzeolla/a-thing where easy_sast is the git repository name, and fb/jonzeolla/a-thing is the name of your feature branch.
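One way to derive a name in the recommended repository/branch form inside a CI job. This is an added example, not part of easy_sast; the function names, the BRANCH_NAME override variable and the sample remote URLs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a sandbox name of the form <repo>/<branch>.

# repo_name_from_url URL -> last path component without a trailing ".git".
# Handles https://host/org/repo.git, git@host:org/repo.git and a trailing slash.
repo_name_from_url() {
    url=${1%/}          # drop one trailing slash
    url=${url%.git}     # drop the .git suffix if present
    name=${url##*/}     # keep what follows the last "/"
    name=${name##*:}    # scp-style URL with no "/" after the colon
    printf '%s\n' "$name"
}

# sandbox_name URL BRANCH -> "<repo>/<branch>".
# Returns non-zero when either part is missing or the checkout is a detached
# HEAD, so a scan is never filed under an ambiguous sandbox.
sandbox_name() {
    repo=$(repo_name_from_url "$1")
    branch=${2#refs/heads/}
    if [ -z "$repo" ] || [ -z "$branch" ] || [ "$branch" = "HEAD" ]; then
        echo "cannot derive sandbox name (repo='$repo' branch='$branch')" >&2
        return 1
    fi
    printf '%s/%s\n' "$repo" "$branch"
}

# current_sandbox_name: read both values from the working tree.
# BRANCH_NAME is a hypothetical override for CI systems that check out a
# detached HEAD and expose the branch through an environment variable instead.
current_sandbox_name() {
    url=$(git config --get remote.origin.url) || return 1
    branch=${BRANCH_NAME:-$(git rev-parse --abbrev-ref HEAD)} || return 1
    sandbox_name "$url" "$branch"
}
```

Pass the output of current_sandbox_name, double-quoted, as the value of --sandbox-name; branch names on pull requests are chosen by the contributor, so the value should never be expanded unquoted.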
When doing a Policy scan in Veracode, you can only perform a single scan of an application at a time. The same is true of sandbox scans, but easy_sast is configured to cancel any in-progress builds if the sandbox feature is in use. This allows you to push commits rapidly to your branch and to prioritize the latest commit.