ScaleSec · bnreplah · Oct 4, 2024 · Oct 4, 2024 · Oct 4, 2024 · Oct 4, 2024
diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml
@@ -0,0 +1,39 @@
+name: _build
+
+on:
+  push:
+  pull:
+
+
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    # grants permissions for the artifact to be uploaded
+    permissions:
+      contents: read
+      packages: write
+
+
+    steps:
+
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can acces it and clones the repo
+      - uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+
+      - name: Build with Maven
+        run: |
+          pwd
+          mvn -B clean package --file pom.xml
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: veracode-artifact
+          path: /home/runner/work/vulnado/vulnado/target/vulnado-0.0.1-SNAPSHOT.jar
+          if-no-files-found: error
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Vulnado - Intentionally Vulnerable Java Application
+I'm# Vulnado - Intentionally Vulnerable Java Application
 
 This application and exercises will take you through some of the OWASP top 10 Vulnerabilities and how to prevent them.
 
@@ -23,3 +23,33 @@ The docker network created by `docker-compose` maps pretty well to a multi-tier
 * [XSS - Cross Site Scripting](exercises/02-xss.md)
 * [SSRF - Server Side Request Forgery](exercises/03-ssrf.md)
 * [RCE - Remote Code Execution & Reverse Shell](exercises/04-rce-reverse-shell.md)
+
+1
+2
+3
+4
+5
+6
+7
+8
+9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
diff --git a/srcclr.yml b/srcclr.yml
@@ -0,0 +1 @@
+workspace_token: E77HYodl
diff --git a/veracode.yml b/veracode.yml
@@ -0,0 +1,3 @@
+veracode_static_scan:
+policy: 'Veracode Recommended Very High'
+use_custom_workflow: _build