veracode / veracode-uploadandscan-action

This action uploads and scans code to Veracode for a static policy (or sandbox) scan.
MIT License

Feature: get the XML report output, or get the ID for later fetching #24

Open Gby56 opened 2 years ago

Gby56 commented 2 years ago

This is self-explanatory, just like the Jenkins plugin. I don't like waitforscan because most of the time it's not necessary to keep a GitHub Action/Jenkins worker busy for that, but at least getting a report ID output would be good, maybe to give the ID to DefectDojo for later fetching via the API directly?

Gby56 commented 2 years ago

@tjarrettveracode I saw in some Actions logs you have:

[2022.05.19 17:08:21.165] Creating a new analysis with name "2353480085".
[2022.05.19 17:08:24.117] 
[2022.05.19 17:08:24.117] The analysis id of the new analysis is "18534786".

Can't the wrapper action uploadandscan give a JSON output for the report, and then you give that as an action output? Maybe even the ETA.
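
One way to get the ID out of a workflow run today, as an added example that is not part of this thread or of the action's own code: parse the two wrapper log lines quoted above and append the values to the `GITHUB_OUTPUT` file so a later step can hand them to another tool. The function names and output keys are hypothetical, and the parser assumes the log wording stays exactly as quoted in the comment.

```python
import os
import re
import sys

# Constructed sample: the log lines quoted in the comment above.
SAMPLE_LOG = '''\
[2022.05.19 17:08:21.165] Creating a new analysis with name "2353480085".
[2022.05.19 17:08:24.117]
[2022.05.19 17:08:24.117] The analysis id of the new analysis is "18534786".
'''

# Assumption: every wrapper log line starts with this bracketed timestamp.
_PREFIX = r'^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\] '
_NAME_RE = re.compile(_PREFIX + r'Creating a new analysis with name "(?P<name>[^"]+)"\.\s*$')
# Only digits are accepted as an ID, so nothing else from the log reaches the output file.
_ID_RE = re.compile(_PREFIX + r'The analysis id of the new analysis is "(?P<id>\d+)"\.\s*$')

def parse_scan_log(text):
    """Return analysis_name, analysis_id and created_at found in wrapper log text."""
    result = {}
    for line in text.splitlines():
        m = _NAME_RE.match(line)
        if m:
            result["analysis_name"] = m.group("name")
            continue
        m = _ID_RE.match(line)
        if m:
            if result.get("analysis_id", m.group("id")) != m.group("id"):
                raise ValueError("log contains conflicting analysis ids")
            result["analysis_id"] = m.group("id")
            result["created_at"] = m.group("ts")
    if "analysis_id" not in result:
        raise ValueError("no analysis id line found in log")
    return result

def write_step_outputs(fields, path):
    """Append name=value lines in the GITHUB_OUTPUT file format."""
    for key, value in fields.items():
        # A newline in a value would let log content define extra outputs.
        if "\n" in value or "\r" in value:
            raise ValueError(f"refusing multi-line value for {key}")
    with open(path, "a", encoding="utf-8") as fh:
        for key, value in fields.items():
            fh.write(f"{key}={value}\n")

if __name__ == "__main__":
    # Usage: script.py [captured-log-file]; falls back to the constructed sample.
    log_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    fields = parse_scan_log(log_text)
    if os.environ.get("GITHUB_OUTPUT"):
        write_step_outputs(fields, os.environ["GITHUB_OUTPUT"])
    print(fields)
```
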