Veracode 101
Veracode is an application security company based in Burlington, Massachusetts. Founded in 2006, the company provides an automated cloud-based service for securing web, mobile and third-party enterprise applications. Veracode provides multiple security analysis technologies on a single platform, including static analysis, dynamic analysis, mobile application behavioral analysis and software composition analysis.
Generating API ID and Key Credentials
https://help.veracode.com/reader/eAvornYxfrGF2caDJIBu_g/yE4jl37CaWnbs3pklHymtw
Entry point: https://web.analysiscenter.veracode.com/login/
Jenkins Plugin
https://help.veracode.com/reader/PgbNZUD7j8aY7iG~hQZWxQ/yQtYXnlbLA6wsWodLn5zdw
stage('Veracode Upload and Scan') {
    // Read the Veracode login from the Jenkins credentials store (ID 'veracode')
    // rather than hard-coding it in the pipeline.
    withCredentials([usernamePassword(credentialsId: 'veracode', passwordVariable: 'PASSWD', usernameVariable: 'USER')]) {
        // Every xxx below is a placeholder; replace it with your own value.
        veracode applicationName: 'xxx',
            canFailJob: true, createProfile: true, criticality: 'VeryHigh', copyRemoteFiles: true,
            fileNamePattern: '', replacementPattern: '', sandboxName: '', scanExcludesPattern: '', scanIncludesPattern: '',
            scanName: 'xxx', teams: 'xxx', timeout: 15,
            uploadExcludesPattern: '', uploadIncludesPattern: 'target/*.jar',
            vid: xxx, vkey: xxx,
            vpassword: '$PASSWD', vuser: '$USER'
    }
}
IntelliJ Plugin
https://help.veracode.com/reader/eAvornYxfrGF2caDJIBu_g/iR2_LR5COGINggJXsOqwYg
Download Greenlight: https://plugins.jetbrains.com/plugin/10026
Download Static: https://tools.veracode.com/integrations/IntelliJ/bin/IntelliJ.zip
Install the Veracode Static IntelliJ Plugin
Manual: https://help.veracode.com/reader/eAvornYxfrGF2caDJIBu_g/Zq0WmUwrDxTWqP9x9nQ01Q
Download the plugin for IntelliJ: https://tools.veracode.com/integrations/IntelliJ/bin/IntelliJ.zip
Upload Binaries to Scan Using the Veracode IntelliJ Plugin
VS Code Extension
1. Generate your Veracode API ID and key on the Veracode Platform.
2. Run Command Prompt.
# Navigate to your user directory.
cd Users\<your username>
# Create a folder named ".veracode".
md .veracode
# Open Visual Studio Code and create a new file.
# Copy and paste the following template into the new file.
# [greenlight]
# veracode_api_key_id = <Your Veracode API ID>
# veracode_api_key_secret = <Your Veracode API Key>
# Replace the ID and key values in the template with your Veracode API ID and key. For example:
# Save the file as "credentials" with the "Save as type" set to "No Extension".
3. Return to Visual Studio Code and run a scan.
Scan a file with Veracode Greenlight through any of the following methods:
- Save your file with auto-scan enabled.
- Press Ctrl + Shift + \ (Windows) or ⌃ + ⇧ + \ (macOS).
- Run "Veracode: Scan with Greenlight" from the Command Palette.
- Click the Greenlight icon in the file toolbar.
- Right-click a file in the Explorer and select "Scan with Greenlight".
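
The credentials file created in step 2 is a plain-text secret, so it is worth checking before the first scan. The following is an added example, not Veracode's code or part of the original notes: it validates a file against the `[greenlight]` template above. The function names `check_credentials` and `demo`, the owner-only permission check on POSIX systems, and the placeholder detection are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("veracode_api_key_id", "veracode_api_key_secret")  # names from the template


def check_credentials(path, profile="greenlight"):
    """Return a list of problems found in a Veracode credentials file."""
    path = Path(path)
    if not path.is_file():
        return [f"{path} does not exist (was it saved with a .txt extension?)"]
    problems = []
    # Assumption of this example: on POSIX only the owner should read the secret.
    if os.name == "posix" and stat.S_IMODE(path.stat().st_mode) & 0o077:
        problems.append("file is readable by group/others; run chmod 600")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(path.read_text(encoding="utf-8"))
    except configparser.Error as exc:
        return problems + [f"not valid INI: {type(exc).__name__}"]  # never echo file content
    if not parser.has_section(profile):
        return problems + [f"missing [{profile}] section"]
    for key in REQUIRED_KEYS:
        value = parser.get(profile, key, fallback="").strip()
        if not value:
            problems.append(f"{key} is missing or empty")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{key} still holds the template placeholder")
    return problems


def demo():
    """Run the check on two constructed files (all values are made up)."""
    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp) / "bad"
        bad.write_text("[greenlight]\nveracode_api_key_id = <Your Veracode API ID>\n")
        good = Path(tmp) / "credentials"
        good.write_text("[greenlight]\nveracode_api_key_id = constructed-id\n"
                        "veracode_api_key_secret = constructed-secret\n")
        os.chmod(bad, 0o644)
        os.chmod(good, 0o600)
        return check_credentials(bad), check_credentials(good)


if __name__ == "__main__":
    print(demo())
```

To check a real file, call `check_credentials(Path.home() / ".veracode" / "credentials")`; an empty list means no problems were found.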