From c96714d312284a807342b195c1efad2e142530b2 Mon Sep 17 00:00:00 2001
From: Julian Totzek-Hallhuber <j.totzek@gmail.com>
Date: Mon, 11 Aug 2025 13:56:03 +0200
Subject: [PATCH] Update veracode-sca-scan.yml

---
 .github/workflows/veracode-sca-scan.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/.github/workflows/veracode-sca-scan.yml b/.github/workflows/veracode-sca-scan.yml
index 6e08d591..90953a16 100644
--- a/.github/workflows/veracode-sca-scan.yml
+++ b/.github/workflows/veracode-sca-scan.yml
@@ -78,6 +78,29 @@ jobs:
           fi
           rm -rf veracode-helper
 
+      - name: Check for requirements files and create Pipfile.lock
+        run: |
+          if [ -f "requirements.txt" ] || [ -f "requirements-dev.txt" ] || [ -f "dev-requirements.txt" ]; then
+            if [ -f "Pipfile.lock" ]; then
+              echo "- Requirements file(s) found but Pipfile.lock already exists. Skipping pip install process."
+            else
+              echo "- Requirements file(s) found. Creating Pipfile.lock..."
+              if [ -f "requirements.txt" ]; then
+                echo "-- Installing from requirements.txt"
+                pip install -r requirements.txt
+              elif [ -f "requirements-dev.txt" ]; then
+                echo "-- Installing from requirements-dev.txt"
+                pip install -r requirements-dev.txt
+              elif [ -f "dev-requirements.txt" ]; then
+                echo "-- Installing from dev-requirements.txt"
+                pip install -r dev-requirements.txt
+              fi
+              echo "-- Pipfile.lock creation process completed."
+            fi
+          else
+            echo "- No requirements files found. Skipping pip install process."
+          fi
+
       - name: Run Veracode SCA
         env:
           SRCCLR_API_TOKEN: ${{ secrets.VERACODE_AGENT_TOKEN }}