diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml
new file mode 100644
index 00000000..07745405
--- /dev/null
+++ b/.github/workflows/_build.yml
@@ -0,0 +1,39 @@
+name: _build
+
+on:
+ push:
+ pull:
+
+
+
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ # grants permissions for the artifact to be uploaded
+ permissions:
+ contents: read
+ packages: write
+
+
+ steps:
+
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can acces it and clones the repo
+ - uses: actions/checkout@v3
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'adopt'
+
+ - name: Build with Maven
+ run: |
+ pwd
+ mvn -B clean package --file pom.xml
+
+ - uses: actions/upload-artifact@v4
+ with:
+ name: veracode-artifact
+ path: /home/runner/work/vulnado/vulnado/target/vulnado-0.0.1-SNAPSHOT.jar
+ if-no-files-found: error
diff --git a/README.md b/README.md
index eaee2c1b..2319135c 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# Vulnado - Intentionally Vulnerable Java Application
+I'm# Vulnado - Intentionally Vulnerable Java Application
 This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.
@@ -23,3 +23,33 @@ The docker network created by `docker-compose` maps pretty well to a multi-tier
 * [XSS - Cross Site Scripting](exercises/02-xss.md)
 * [SSRF - Server Side Request Forgery](exercises/03-ssrf.md)
 * [RCE - Remote Code Execution & Reverse Shell](exercises/04-rce-reverse-shell.md)
+
+1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
diff --git a/srcclr.yml b/srcclr.yml
new file mode 100644
index 00000000..4ef5228b
--- /dev/null
+++ b/srcclr.yml
@@ -0,0 +1 @@
+workspace_token: E77HYodl
diff --git a/veracode.yml b/veracode.yml
new file mode 100644
index 00000000..43fdfda2
--- /dev/null
+++ b/veracode.yml
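Review bot: `pull:` under `on:` is not a GitHub Actions event name, so the workflow as written will not run on pull requests and, since the workflow parser rejects unknown events, may fail to load at all; the trigger should be `pull_request:`. The `permissions` block also grants `packages: write`, which is broader than this job needs: `actions/upload-artifact` works with the default token, so `contents: read` alone suffices and the comment "grants permissions for the artifact to be uploaded" should be corrected to match. The artifact `path` is an absolute runner path that only resolves for this exact repo name and checkout location; the workspace-relative `target/vulnado-0.0.1-SNAPSHOT.jar` is portable and equivalent. Finally, the three actions are pinned to mutable major tags (`@v3`, `@v4`); pinning to a full commit SHA with the tag in a trailing comment would protect the build from tag rewrites, and the checkout comment has a typo (`acces` → `access`).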
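Review bot: `workspace_token: E77HYodl` commits a Veracode SCA token literal to a tracked file, so its sensitivity needs to be stated explicitly. Veracode presumably treats the srcclr.yml workspace token as a workspace selector rather than a credential (authentication goes through the agent's API token), but if this value grants any access it must be moved to a repository secret and injected through the agent's environment instead. In either case a comment above the line such as `# workspace selector only; the SCA agent API token must stay in repository secrets` would make the distinction clear to the next maintainer.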
@@ -0,0 +1,3 @@
+veracode_static_scan:
+policy: 'Veracode Recommended Very High'
+use_custom_workflow: _build