Skip to content
/ veracode-badge Public

a deployment to produce badges for repositories decorations

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Lerer/veracode-badge

BranchesTags

Repository files navigation

serverless Maintained by Yaakov Lerer GitHub issues

Veracode Badges

For README and other git repository decoration

Note - The solution require AWS account for deployment

Example

Veracode Policy Pass Badge

Veracode Policy Fail Badge

Instruction:

To utilize the content, you will need to implement the following:

  1. Setup permissions in the Veracode portal
  2. Install NodeJS, NPM, and the Serverless Framework
  3. Clone the repository
  4. Creation of AWS deployment role
  5. Configure the Serverless Framework to your AWS Account (using the pre-defined deployment role)
  6. Update Environment Variable and Deploy
  7. Update your .md files

Installation details:

1. Setup Veracode Account permissions

We want to make sure the badge API only expose information for specific Application profiles.

  1. Login to the Veracode platform as Admin (we need to create team and user)
  2. Navigate to the Admin section and create a new team (to control visibility)
    • do not select any user for that group
  3. Navigate to the users admin section and create a new API Account
    • Assign a single role: Result API
    • Select the Team you create in the previous step
  4. Add the new Team to the applications` profiles you want to enable badging for.
  5. Check your email inbox for the new Account Activation email and follow the steps to activate

2. install NodeJS, NPM, and Serverless

  1. Use the following links and follow the instruction to install the LTS version:
  2. If you don't have account in SERVERLESS, please create one (it is free)
  3. From your command line login to your account using serverless login and follow the instructions

3. Clone, Update and Deploy

  1. Clone this repository: git clone https://github.com/lerer/veracode-badge
  2. Import dependencies by executing npm install
  3. Copy empty.env to .env and update the attributes
    • VERACODE_API_KEY=<From the credentials in #1.5>
    • VERACODE_API_SECRET=<From the credentials in #1.5>
    • AWS_Region=<Your AWS deployment region>
    • AWS_Account_ID=<Your AWS Account ID (Numeric)>
    • Stage=<dev|prod>

4. AWS Policy for the deployment of the solution

In order to provided the minimun policy required for the deployment of the solutions, we will need to generate a Policy.

  1. Run the command: npm run generate-permissions which will generate a JSON format policy.
    • This will only work correctly if you filled-in the environment variable in the previous stage
    • The policy is generates in the project root directory inside a file: policy.json
  2. Login to your AWS portal, navigate IAM Service and create a new policy
    1. Paste the policy.json file content into the JSON area of the policy. (Don't use the Visual editor).
    2. Save the policy
References

Serverless framework (used in the solution) need a role in AWS which will allow it to deploy its resources. An easy example can be found here:

Example with explanaition how to deploy custom AWS IAM role:

Online Policy Generator

Note - the above generator may miss or generate over permissive policy

5. Configure Serverless to deploy to your AWS account

Serverless framework has few options to configure it. The method I tested was a manual deployment from my desktop.

  1. Create an AWS account for Serverless using the policy created in the previous stage: Creating an IAM user in your AWS account
    • Select programmatic access for user type
  2. Save the Access Key ID and Secret Access Key
  3. Connect your Serverless to AWS using the new user using the instructions in the credentials configuration
    • From the terminal: serverless config credentials --provider aws --key <Access Key ID> --secret <Secret Access Key>

6. Update Environment Variable and Deploy

  1. Navigate to package.json file and update the deploy scripts with your own AWS deployment region Here: 
    "scripts": {
  ...
  "deploy-dev": "serverless deploy --stage dev --region ap-southeast-2",
  "deploy": "serverless deploy --region ap-southeast-2",
  ...
}
  2. Run the deployment command: npm run deploy
  3. Pay attenbtion to the deployment output for output and any error/s
    • look for the Service Information section and note the endpoint which should look similar to:
      • GET - https://n91dqmmhqy.execute-api.ap-southeast-2.amazonaws.com/prod/badge

7. Update your .md files

Add the following text to the top of your README.md file

![Veracode SAST Policy compliance](https://n91dqmmhqy.execute-api.ap-southeast-2.amazonaws.com/prod/badge?appname=<Veracode Application Name>)

Note - replace the <Veracode Application Name> with your Veracode Application ptrofile name

Solution Imlpementation:

The repository contains an implementation of SERVERLESS framework which can deploy a set of (18) resources in a chosen AWS region.

Among the resources:

Endpoints:

  • GET - https://<AWS API ID>.execute-api.<region>.amazonaws.com/<stage>/badge

Functions:

  • badgeHandler: {project}-{stage}-badgeHandler

Uninstall

To remove your solution entirely from AWS, simply run the following command from the terminal: npm run remove

About

a deployment to produce badges for repositories decorations

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages