Veracode 101

Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.

Generating API ID and Key Credentials

https://help.veracode.com/reader/eAvornYxfrGF2caDJIBu_g/yE4jl37CaWnbs3pklHymtw

Entry point: https://web.analysiscenter.veracode.com/login/


Jenkins Plugin

https://help.veracode.com/reader/PgbNZUD7j8aY7iG~hQZWxQ/yQtYXnlbLA6wsWodLn5zdw

    stage('Veracode Upload and Scan') {
      // Bind the Veracode login stored in Jenkins under the credential id 'veracode'
      withCredentials([usernamePassword(credentialsId: 'veracode', passwordVariable: 'PASSWD', usernameVariable: 'USER')]) {
        veracode applicationName: 'xxx',
          canFailJob: true, createProfile: true, criticality: 'VeryHigh', copyRemoteFiles: true,
          fileNamePattern: '', replacementPattern: '', sandboxName: '', scanExcludesPattern: '', scanIncludesPattern: '',
          scanName: 'xxx', teams: 'xxx', timeout: 15,
          uploadExcludesPattern: '', uploadIncludesPattern: 'target/*.jar',
          // Authenticate with either API ID/key (vid/vkey) or user/password (vuser/vpassword);
          // 'xxx' values are placeholders, keep real secrets in Jenkins credentials, not in the Jenkinsfile
          vid: 'xxx', vkey: 'xxx',
          // Single quotes: Groovy does not interpolate the secret into the script, the plugin resolves the variable
          vpassword: '$PASSWD', vuser: '$USER'
      }
    }

IntelliJ Plugin

https://help.veracode.com/reader/eAvornYxfrGF2caDJIBu_g/iR2_LR5COGINggJXsOqwYg

Download Greenlight : https://plugins.jetbrains.com/plugin/10026
Download Static : https://tools.veracode.com/integrations/IntelliJ/bin/IntelliJ.zip

Install the Veracode Static IntelliJ Plugin

https://www.youtube.com/watch?v=sLadil3Y7sQ

Manual: https://help.veracode.com/reader/eAvornYxfrGF2caDJIBu_g/Zq0WmUwrDxTWqP9x9nQ01Q

Downloading the plugin for IntelliJ: https://tools.veracode.com/integrations/IntelliJ/bin/IntelliJ.zip

Upload Binaries to Scan Using the Veracode IntelliJ Plugin

https://www.youtube.com/watch?v=ZlrcHGWLSqc


VS Code Extension

https://marketplace.visualstudio.com/items?itemName=vs-publisher-1464889.veracode-greenlight-for-vs-code

1. Generate your Veracode API ID and key on the Veracode Platform.

2. Run Command Prompt and create the credentials folder:

    :: Navigate to your user directory.
    cd Users\<your username>
    :: Create a folder named ".veracode".
    md .veracode

   Open Visual Studio Code, create a new file, and paste the following template into it
   (the file is plain INI text; the lines are not commented out):

    [greenlight]
    veracode_api_key_id = <Your Veracode API ID>
    veracode_api_key_secret = <Your Veracode API Key>

   Replace the ID and key values in the template with your Veracode API ID and key. For example:

   Save the file as "credentials" with the "Save as type" set to "No Extension".

3. Return to Visual Studio Code and run a scan.

Scan a file with Veracode Greenlight through any of the following methods:

  • Save your file with auto-scan enabled.
  • Type Ctrl + Shift + \ (Windows) or ⌃ + ⇧ + \ (macOS).
  • Run "Veracode: Scan with Greenlight" from the Command Palette.
  • Click the Greenlight icon in the file toolbar.
  • Right-click a file in the Explorer and select "Scan with Greenlight".
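As an added example (not from the page above or from Veracode's own tooling), a Python helper that writes the step-2 credentials file in the template's layout, restricts it to the owner, and checks an existing file for leftover template placeholders, non-hex values and permissive file modes; the INI layout is taken from the template, while the hex-only rule and the sample values are assumptions.

```python
import configparser
import os
import re
import stat
import tempfile
from pathlib import Path

# Layout assumed from the step-2 template: INI file, section [greenlight], keys
# veracode_api_key_id / veracode_api_key_secret. Hex-only values is an assumption.
SECTION, ID_KEY, SECRET_KEY = "greenlight", "veracode_api_key_id", "veracode_api_key_secret"
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")

def write_credentials(path: Path, api_id: str, api_key: str) -> None:
    """Write the credentials file and restrict it to the owner (mode 0600)."""
    config = configparser.ConfigParser()
    config[SECTION] = {ID_KEY: api_id, SECRET_KEY: api_key}
    path.parent.mkdir(parents=True, exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        config.write(fh)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # no-op on Windows; set NTFS ACLs there

def load_credentials(path: Path) -> dict:
    """Parse the file; return {"ok": True, ...} or {"ok": False, "problems": [...]}."""
    config = configparser.ConfigParser()
    if not config.read(path, encoding="utf-8"):
        return {"ok": False, "problems": ["file missing or unreadable"]}
    if SECTION not in config:
        return {"ok": False, "problems": [f"missing [{SECTION}] section"]}
    section, problems = config[SECTION], []
    for key in (ID_KEY, SECRET_KEY):
        value = section.get(key, "")
        if not value or value.startswith("<"):
            problems.append(f"{key} is empty or still the template placeholder")
        elif not HEX_RE.match(value):
            problems.append(f"{key} is not a hex string")
    if os.name != "nt":  # POSIX only: flag a secret readable by group/others
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"mode {oct(mode)} lets group/others read the secret")
    return {"ok": False, "problems": problems} if problems else {"ok": True, "api_id": section[ID_KEY], "api_key": section[SECRET_KEY]}

def self_check() -> tuple:
    """Round-trip constructed sample values in a temp dir; returns (good, bad) results."""
    base = Path(tempfile.mkdtemp())
    good = base / ".veracode" / "credentials"
    write_credentials(good, "0123456789abcdef0123456789abcdef", "ab" * 64)  # constructed values
    bad = base / "credentials_template"  # template saved without filling in the values
    bad.write_text(f"[{SECTION}]\n{ID_KEY} = <Your Veracode API ID>\n{SECRET_KEY} = zz\n")
    return load_credentials(good), load_credentials(bad)
```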