{"id":37463602,"url":"https://github.com/veracode/veracode-dast-essentials-action","last_synced_at":"2026-01-16T07:06:59.771Z","repository":{"id":209674665,"uuid":"704137905","full_name":"veracode/veracode-dast-essentials-action","owner":"veracode","description":null,"archived":false,"fork":false,"pushed_at":"2024-05-22T12:55:22.000Z","size":724,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":6,"default_branch":"main","last_synced_at":"2024-05-22T14:01:51.825Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/veracode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-10-12T16:01:49.000Z","updated_at":"2024-07-12T09:58:31.888Z","dependencies_parsed_at":"2024-05-22T14:01:02.826Z","dependency_job_id":"efaa1e7b-47d3-4e95-951c-bda0ffe3c445","html_url":"https://github.com/veracode/veracode-dast-essentials-action","commit_stats":null,"previous_names":["veracode/veracode-dast-essentials-action"],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/veracode/veracode-dast-essentials-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veracode%2Fveracode-dast-essentials-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veracode%2Fveracode-dast-essentials-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veracode%2Fveracode-dast-essentials-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veracode%2Fveracode-dast-essentials-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/veracode","download_url":"https://codeload.github.com/veracode/veracode-dast-essentials-action/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/veracode%2Fveracode-dast-essentials-action/sbom","scorecard":{"id":918694,"data":{"date":"2025-08-11","repo":{"name":"github.com/veracode/veracode-dast-essentials-action","commit":"9369f104cf94fc98b9d7c21cdb6cfde3312ca8f2"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 1/11 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 6 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"13 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-7r3h-m5j6-3q42","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc","Warn: Project is vulnerable to: GHSA-4w2v-q235-vp99","Warn: Project is vulnerable to: GHSA-cph5-m8f7-6c5x","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q","Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-24T23:14:39.342Z","repository_id":209674665,"created_at":"2025-08-24T23:14:39.345Z","updated_at":"2025-08-24T23:14:39.345Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28478007,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-16T06:30:42.265Z","status":"ssl_error","status_checked_at":"2026-01-16T06:30:16.248Z","response_time":107,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-16T07:06:57.389Z","updated_at":"2026-01-16T07:06:59.763Z","avatar_url":"https://github.com/veracode.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Veracode DAST Essentials Action\n\nA Github Action for running a [Veracode](https://veracode.com) scan to perform Dynamic Application Security Testing (DAST).\n\nThe Veracode DAST Essentials will run a security scan against the scan target that belongs to the given webhook. You can optionally wait for the security scan to finish and download the report as JUnit XML file for further processing or simply start the security scan.\n\n**WARNING** This action will perform attacks on the scan target. You must only run this security scan on targets where you have the permission to run such an attack.\n\n## Inputs\n\n### `VERACODE_WEBHOOK`\n\n**Required** Webhook Secret of the Veracode DAST Essentials Scan Target.\n\n### `VERACODE_SECRET_ID`\n\n**Required** Veracode API Secret ID.\n\n### `VERACODE_SECRET_ID_KEY`\n\n**Required** Region.\n\n### `REGION`\n\nThe region of Veracode DAST Essentials.\n- eu - for domain veracode.eu\n- us - for domain veracode.com\n\n**Required** Veracode API Secret ID.\n\n### `pull-report`\n\nFlag whether the report should be downloaded as JUnit XML file. Default `\"false\"`.\n\n## Example usage\n\n```\n    - name: Veracode DAST Essentials Action Step\n      id: veracode\n      uses: veracode/veracode-dast-essentials-action@v1.0.1\n      with:\n        VERACODE_WEBHOOK: '${{ secrets.VERACODE_WEBHOOK }}'\n        VERACODE_SECRET_ID: '${{ secrets.VERACODE_SECRET_ID }}'\n        VERACODE_SECRET_ID_KEY: '${{ secrets.VERACODE_SECRET_ID_KEY }}'\n        REGION: '${{ secrets.REGION }}'\n        pull-report: 'true'\n```\n\n### Display Results\n\nIn order to display the test results as annotations, use any action that parses the JUnit XML file. You may use e.g. [https://github.com/marketplace/actions/junit-report](https://github.com/marketplace/actions/junit-report).\n\n```\n- name: Publish Test Report\n  uses: mikepenz/action-junit-report@v1\n  with:\n    report_paths: 'report.xml'\n    github_token: ${{ secrets.GITHUB_TOKEN }}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveracode%2Fveracode-dast-essentials-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fveracode%2Fveracode-dast-essentials-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fveracode%2Fveracode-dast-essentials-action/lists"}