From 0bdb2c5947c00dff64d3b67d0fdbe5aac96c3bba Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Mon, 25 May 2026 15:52:38 +0530 Subject: [PATCH 01/11] update code to handle scantimeout value dynamically --- dist/index.js | 10 +++++----- src/index.js | 2 +- src/services/workflow-service.js | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/dist/index.js b/dist/index.js index 79ece50..8c69602 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117720,7 +117720,7 @@ const { calculateAuthorizationHeader } = __nccwpck_require__(92132); const SCAN_TIME_OUT = 8; const POLICY_EVALUATION_FAILED = 9; -async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug) { +async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout) { core.info(`Getting Veracode Application for Policy Scan: ${appname}`) const veracodeApp = await getVeracodeApplicationForPolicyScan(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, debug); if (veracodeApp.appId === -1) { @@ -117795,7 +117795,7 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi core.info(`Running a Policy Scan: ${appname}`); //comand for policy scan core.info(`Veracode Policy Scan Created, Build Id: ${version}`); - await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug) + await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) } } catch (error) { console.log(error) @@ -117805,11 +117805,11 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi } -async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug) { +async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) { const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); - const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout 6000 -deleteincompletescan 2${debugFlag}`; + const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; let scan_id = ""; let sandboxID; let sandboxGUID; @@ -142055,7 +142055,7 @@ async function run() { return; if (workflowApp){ - await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug); + await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout); return; } diff --git a/src/index.js b/src/index.js index f6690f1..7dd7c4c 100644 --- a/src/index.js +++ b/src/index.js @@ -60,7 +60,7 @@ async function run() { return; if (workflowApp){ - await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug); + await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout); return; } diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index de53635..d66a256 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -14,7 +14,7 @@ const { calculateAuthorizationHeader } = require('../api/veracode-hmac.js'); const SCAN_TIME_OUT = 8; const POLICY_EVALUATION_FAILED = 9; -async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug) { +async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout) { core.info(`Getting Veracode Application for Policy Scan: ${appname}`) const veracodeApp = await getVeracodeApplicationForPolicyScan(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, debug); if (veracodeApp.appId === -1) { @@ -89,7 +89,7 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi core.info(`Running a Policy Scan: ${appname}`); //comand for policy scan core.info(`Veracode Policy Scan Created, Build Id: ${version}`); - await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug) + await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) } } catch (error) { console.log(error) @@ -99,11 +99,11 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi } -async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug) { +async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) { const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); - const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout 6000 -deleteincompletescan 2${debugFlag}`; + const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; let scan_id = ""; let sandboxID; let sandboxGUID; From ea7b2899e576777060427a6fd6b5137f81adbe1b Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Tue, 26 May 2026 18:43:15 +0530 Subject: [PATCH 02/11] added a condition to not wait fot the result after submiting the scan to platform in case scantimeout is 0 --- dist/index.js | 10 ++++++++-- src/services/workflow-service.js | 6 ++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index 8c69602..dc15d04 100644 --- a/dist/index.js +++ b/dist/index.js @@ -61247,7 +61247,7 @@ class HttpsProxyAgent extends agent_base_1.Agent { const servername = this.connectOpts.servername || this.connectOpts.host; socket = tls.connect({ ...this.connectOpts, - servername: servername && net.isIP(servername) ? undefined : servername, + servername, }); } else { @@ -61288,7 +61288,7 @@ class HttpsProxyAgent extends agent_base_1.Agent { return tls.connect({ ...omit(opts, 'host', 'path', 'port'), socket, - servername: net.isIP(servername) ? undefined : servername, + servername, }); } return socket; @@ -117827,6 +117827,12 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } + + if(scantimeout === 0) { + core.info('Static Scan Submitted, please check Veracode Platform for results'); + return; + } + if (stdout) { scan_id = extractValue( stdout, diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index d66a256..f6821c7 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -121,6 +121,12 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } + + if(scantimeout === 0) { + core.info('Static Scan Submitted, please check Veracode Platform for results'); + return; + } + if (stdout) { scan_id = extractValue( stdout, From a48e76e867cd0520ca2329dd51e49cc8512492c9 Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Tue, 26 May 2026 20:44:31 +0530 Subject: [PATCH 03/11] update action for testing --- dist/index.js | 3 ++- src/services/workflow-service.js | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index dc15d04..9c7b264 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117809,7 +117809,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); - const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; + // const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; + const policyScanCommand = `java -jar ${jarName} -action UploadAndScan -vid ${vid} -vkey ${vkey} -appname BulkScan-4 -createprofile true -filepath ${filepath} -version ${version} -scantimeout ${scantimeout}`; let scan_id = ""; let sandboxID; let sandboxGUID; diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index f6821c7..e28e59e 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -103,7 +103,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); - const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; + // const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; + const policyScanCommand = `java -jar ${jarName} -action UploadAndScan -vid ${vid} -vkey ${vkey} -appname BulkScan-4 -createprofile true -filepath ${filepath} -version ${version} -scantimeout ${scantimeout}`; let scan_id = ""; let sandboxID; let sandboxGUID; From 7226b04497d39de3892e000cbc1e09929876a7ac Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Tue, 26 May 2026 20:51:04 +0530 Subject: [PATCH 04/11] update action for testing --- dist/index.js | 6 ++++-- src/services/workflow-service.js | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/dist/index.js b/dist/index.js index 9c7b264..5839819 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117828,8 +117828,10 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - - if(scantimeout === 0) { + core.info('Checking for results...'); + core.info(scantimeout == 0); + core.info(scantimeout == '0'); + if(scantimeout == 0 || scantimeout == '0'){ core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index e28e59e..a2de58e 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -122,8 +122,10 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - - if(scantimeout === 0) { + core.info('Checking for results...'); + core.info(scantimeout == 0); + core.info(scantimeout == '0'); + if(scantimeout == 0 || scantimeout == '0'){ core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } From 6bd6fe7d7bec78b8bbf36985ef70768acd16b337 Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Tue, 26 May 2026 21:22:17 +0530 Subject: [PATCH 05/11] update action for testing --- dist/index.js | 10 ++++------ src/services/workflow-service.js | 10 ++++------ 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/dist/index.js b/dist/index.js index 5839819..d12035c 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117809,8 +117809,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); - // const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; - const policyScanCommand = `java -jar ${jarName} -action UploadAndScan -vid ${vid} -vkey ${vkey} -appname BulkScan-4 -createprofile true -filepath ${filepath} -version ${version} -scantimeout ${scantimeout}`; + const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; + // const policyScanCommand = `java -jar ${jarName} -action UploadAndScan -vid ${vid} -vkey ${vkey} -appname BulkScan-4 -createprofile true -filepath ${filepath} -version ${version} -scantimeout ${scantimeout}`; let scan_id = ""; let sandboxID; let sandboxGUID; @@ -117828,10 +117828,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - core.info('Checking for results...'); - core.info(scantimeout == 0); - core.info(scantimeout == '0'); - if(scantimeout == 0 || scantimeout == '0'){ + core.info('Checking for results.....'); + if(scantimeout == 0){ core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index a2de58e..3760a85 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -103,8 +103,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); - // const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; - const policyScanCommand = `java -jar ${jarName} -action UploadAndScan -vid ${vid} -vkey ${vkey} -appname BulkScan-4 -createprofile true -filepath ${filepath} -version ${version} -scantimeout ${scantimeout}`; + const policyScanCommand = `java -jar ${jarName} -action UploadAndScanByAppId -vid ${vid} -vkey ${vkey} -appid ${veracodeApp.appId} -filepath ${filepath} -version ${version} -scanpollinginterval 30 -autoscan true -scanallnonfataltoplevelmodules true -includenewmodules true -scantimeout ${scantimeout} -deleteincompletescan 2${debugFlag}`; + // const policyScanCommand = `java -jar ${jarName} -action UploadAndScan -vid ${vid} -vkey ${vkey} -appname BulkScan-4 -createprofile true -filepath ${filepath} -version ${version} -scantimeout ${scantimeout}`; let scan_id = ""; let sandboxID; let sandboxGUID; @@ -122,10 +122,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - core.info('Checking for results...'); - core.info(scantimeout == 0); - core.info(scantimeout == '0'); - if(scantimeout == 0 || scantimeout == '0'){ + core.info('Checking for results.....'); + if(scantimeout == 0){ core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } From 6214ec863a4245c2d1fe670bff8b167543833dfa Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Wed, 27 May 2026 11:55:52 +0530 Subject: [PATCH 06/11] added a flag to control to wait for the result or not --- action.yml | 4 ++++ dist/index.js | 13 +++++++------ src/index.js | 3 ++- src/services/workflow-service.js | 10 +++++----- 4 files changed, 18 insertions(+), 12 deletions(-) diff --git a/action.yml b/action.yml index 772b4f9..046ab06 100644 --- a/action.yml +++ b/action.yml @@ -67,6 +67,10 @@ inputs: description: 'Enable or disable debug mode' required: false default: false + waitForScanCompletion: + description: 'Wait for the Veracode Static Scan to complete and poll for the final results. If set to false, the scan will be submitted asynchronously and the workflow will continue immediately.' + default: 'true' + required: false runs: using: 'node20' main: 'dist/index.js' \ No newline at end of file diff --git a/dist/index.js b/dist/index.js index d12035c..555e0b1 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117720,7 +117720,7 @@ const { calculateAuthorizationHeader } = __nccwpck_require__(92132); const SCAN_TIME_OUT = 8; const POLICY_EVALUATION_FAILED = 9; -async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout) { +async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout, waitForScanCompletion) { core.info(`Getting Veracode Application for Policy Scan: ${appname}`) const veracodeApp = await getVeracodeApplicationForPolicyScan(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, debug); if (veracodeApp.appId === -1) { @@ -117795,7 +117795,7 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi core.info(`Running a Policy Scan: ${appname}`); //comand for policy scan core.info(`Veracode Policy Scan Created, Build Id: ${version}`); - await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) + await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout, waitForScanCompletion) } } catch (error) { console.log(error) @@ -117805,7 +117805,7 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi } -async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) { +async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout, waitForScanCompletion) { const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); @@ -117828,8 +117828,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - core.info('Checking for results.....'); - if(scantimeout == 0){ + + if (waitForScanCompletion == false) { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } @@ -142027,6 +142027,7 @@ const gitRepositoryUrl = core.getInput('gitRepositoryUrl', { required: false }); const platformType = core.getInput('platformType', { required: false }); const workflowApp = core.getInput('workflowApp', {required: false}); const debug = core.getInput('debug', {required: false}); +const waitForScanCompletion = core.getInput('waitForScanCompletion', {required: false}); const POLICY_EVALUATION_FAILED = 9; const SCAN_TIME_OUT = 8; @@ -142062,7 +142063,7 @@ async function run() { return; if (workflowApp){ - await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout); + await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout, waitForScanCompletion); return; } diff --git a/src/index.js b/src/index.js index 7dd7c4c..937a0a9 100644 --- a/src/index.js +++ b/src/index.js @@ -25,6 +25,7 @@ const gitRepositoryUrl = core.getInput('gitRepositoryUrl', { required: false }); const platformType = core.getInput('platformType', { required: false }); const workflowApp = core.getInput('workflowApp', {required: false}); const debug = core.getInput('debug', {required: false}); +const waitForScanCompletion = core.getInput('waitForScanCompletion', {required: false}); const POLICY_EVALUATION_FAILED = 9; const SCAN_TIME_OUT = 8; @@ -60,7 +61,7 @@ async function run() { return; if (workflowApp){ - await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout); + await executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout, waitForScanCompletion); return; } diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index 3760a85..750a5f0 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -14,7 +14,7 @@ const { calculateAuthorizationHeader } = require('../api/veracode-hmac.js'); const SCAN_TIME_OUT = 8; const POLICY_EVALUATION_FAILED = 9; -async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout) { +async function executeStaticScans(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, sandboxname, version, filepath, responseCode, createsandbox, failbuild, debug, scantimeout, waitForScanCompletion) { core.info(`Getting Veracode Application for Policy Scan: ${appname}`) const veracodeApp = await getVeracodeApplicationForPolicyScan(vid, vkey, appname, policy, teams, createprofile, gitRepositoryUrl, debug); if (veracodeApp.appId === -1) { @@ -89,7 +89,7 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi core.info(`Running a Policy Scan: ${appname}`); //comand for policy scan core.info(`Veracode Policy Scan Created, Build Id: ${version}`); - await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) + await executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout, waitForScanCompletion) } } catch (error) { console.log(error) @@ -99,7 +99,7 @@ async function executeStaticScans(vid, vkey, appname, policy, teams, createprofi } -async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout) { +async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filepath, responseCode, failbuild, debug, scantimeout, waitForScanCompletion) { const debugFlag = debug ? ' -debug' : ''; if (debug) core.debug(`Module: workflow-service, function: executePolicyScan. Application: ${veracodeApp.appId}`); @@ -122,8 +122,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - core.info('Checking for results.....'); - if(scantimeout == 0){ + + if (waitForScanCompletion == false) { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } From a6a71534f38ed9c6ba40345be77a38d41e762646 Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Wed, 27 May 2026 17:00:02 +0530 Subject: [PATCH 07/11] update node version --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 046ab06..ae99601 100644 --- a/action.yml +++ b/action.yml @@ -72,5 +72,5 @@ inputs: default: 'true' required: false runs: - using: 'node20' + using: 'node24' main: 'dist/index.js' \ No newline at end of file From dcf028f53274afb1c67ee9598253f6f1daeea27c Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Wed, 27 May 2026 17:12:06 +0530 Subject: [PATCH 08/11] rollback version --- action.yml | 2 +- dist/index.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/action.yml b/action.yml index ae99601..046ab06 100644 --- a/action.yml +++ b/action.yml @@ -72,5 +72,5 @@ inputs: default: 'true' required: false runs: - using: 'node24' + using: 'node20' main: 'dist/index.js' \ No newline at end of file diff --git a/dist/index.js b/dist/index.js index 555e0b1..672c437 100644 --- a/dist/index.js +++ b/dist/index.js @@ -61247,7 +61247,7 @@ class HttpsProxyAgent extends agent_base_1.Agent { const servername = this.connectOpts.servername || this.connectOpts.host; socket = tls.connect({ ...this.connectOpts, - servername, + servername: servername && net.isIP(servername) ? undefined : servername, }); } else { @@ -61288,7 +61288,7 @@ class HttpsProxyAgent extends agent_base_1.Agent { return tls.connect({ ...omit(opts, 'host', 'path', 'port'), socket, - servername, + servername: net.isIP(servername) ? undefined : servername, }); } return socket; From 90c15f5b6c0570348e320f9172960bee92274dd2 Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Wed, 27 May 2026 17:19:23 +0530 Subject: [PATCH 09/11] rollback version --- dist/index.js | 3 ++- src/services/workflow-service.js | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index 672c437..025d0e4 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117828,7 +117828,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - + core.info(`waitForScanCompletion flag is set to: ${waitForScanCompletion}`); + core.info(waitForScanCompletion == false); if (waitForScanCompletion == false) { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index 750a5f0..9c93980 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -122,7 +122,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - + core.info(`waitForScanCompletion flag is set to: ${waitForScanCompletion}`); + core.info(waitForScanCompletion == false); if (waitForScanCompletion == false) { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; From 65a25a68ba70e00b32feab3ed193c04433a9d4aa Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Wed, 27 May 2026 17:28:15 +0530 Subject: [PATCH 10/11] fixed condition --- dist/index.js | 5 ++--- src/services/workflow-service.js | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/dist/index.js b/dist/index.js index 025d0e4..88720f2 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117828,9 +117828,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - core.info(`waitForScanCompletion flag is set to: ${waitForScanCompletion}`); - core.info(waitForScanCompletion == false); - if (waitForScanCompletion == false) { + + if (String(inputs.waitForScanCompletion).toLowerCase() === 'false') { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index 9c93980..3a56e4d 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -122,9 +122,8 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stdout); core.debug(stderr); } - core.info(`waitForScanCompletion flag is set to: ${waitForScanCompletion}`); - core.info(waitForScanCompletion == false); - if (waitForScanCompletion == false) { + + if (String(inputs.waitForScanCompletion).toLowerCase() === 'false') { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } From 2bced55a5767260b08bbf1b42020d84e311dcc69 Mon Sep 17 00:00:00 2001 From: Shailesh Hande Date: Wed, 27 May 2026 17:36:40 +0530 Subject: [PATCH 11/11] fixed condition --- dist/index.js | 2 +- src/services/workflow-service.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index 88720f2..ff18290 100644 --- a/dist/index.js +++ b/dist/index.js @@ -117829,7 +117829,7 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stderr); } - if (String(inputs.waitForScanCompletion).toLowerCase() === 'false') { + if (String(waitForScanCompletion).toLowerCase() === 'false') { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; } diff --git a/src/services/workflow-service.js b/src/services/workflow-service.js index 3a56e4d..97987e5 100644 --- a/src/services/workflow-service.js +++ b/src/services/workflow-service.js @@ -123,7 +123,7 @@ async function executePolicyScan(vid, vkey, veracodeApp, jarName, version, filep core.debug(stderr); } - if (String(inputs.waitForScanCompletion).toLowerCase() === 'false') { + if (String(waitForScanCompletion).toLowerCase() === 'false') { core.info('Static Scan Submitted, please check Veracode Platform for results'); return; }