The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Veracode Scan

veracodeDynamicAnalysisReview: Review Veracode Dynamic Analysis Results

  • waitForResultsDuration : int (optional)

    The number of hours to wait for the Veracode Dynamic Analysis results to be available. If the results are not available after the specified wait time, the Jenkins build fails.

  • failBuildForPolicyViolation : boolean (optional)
  • debug : boolean (optional)
    Enable to display additional information in the console output.
  • useProxy : boolean (optional)
  • pHost : String (optional)
    Enter the proxy host.
  • pPort : String (optional)
    Enter the port number for the proxy host.
  • pUser : String (optional)
    Enter the username for the proxy server, if required.
  • pPassword : String (optional)
    Enter the password for the proxy server, if required.
  • vid : String (optional)

    For added security, Veracode strongly recommends using the Credentials Binding plugin to store Veracode API credentials. Jenkins binds the credentials to environment variables, so scripts reference those variables instead of the actual credentials.

    Enter the environment variable reference to bind your Veracode API ID. If you are using an environment variable, delete the quotes around the value for vid in the pipeline script.

  • vkey : String (optional)

    For added security, Veracode strongly recommends using the Credentials Binding plugin to store Veracode API credentials. Jenkins binds the credentials to environment variables, so scripts reference those variables instead of the actual credentials.

    Enter the environment variable reference to bind your Veracode API key. If you are using an environment variable, delete the quotes around the value for vkey in the pipeline script.

veracodeDynamicAnalysisResubmit: Resubmit Veracode Dynamic Analysis

  • analysisName : String (optional)

    Enter a name for the Dynamic Analysis. This name must match the Dynamic Analysis name configured on the Veracode Platform, or the Dynamic Analysis scan fails.

  • maximumDuration : int (optional)

    The number of hours that the Dynamic Analysis can run. The default duration is three days (72 hours) and the maximum duration is 25 days (600 hours).

  • failBuildAsScanFailed : boolean (optional)

    Enable to fail the Jenkins build if the Dynamic Analysis post-build action fails.

  • vid : String (optional)

    For added security, Veracode strongly recommends using the Credentials Binding plugin to store Veracode API credentials. Jenkins binds the credentials to environment variables, so scripts reference those variables instead of the actual credentials.

    Enter the environment variable reference to bind your Veracode API ID. If you are using an environment variable, delete the quotes around the value for vid in the pipeline script.

  • vkey : String (optional)

    For added security, Veracode strongly recommends using the Credentials Binding plugin to store Veracode API credentials. Jenkins binds the credentials to environment variables, so scripts reference those variables instead of the actual credentials.

    Enter the environment variable reference to bind your Veracode API key. If you are using an environment variable, delete the quotes around the value for vkey in the pipeline script.

  • debug : boolean (optional)
    Enable to display additional information in the console output.
  • useProxy : boolean (optional)
  • pHost : String (optional)
    Enter the proxy host.
  • pPort : String (optional)
    Enter the port number for the proxy host.
  • pUser : String (optional)
    Enter the username for the proxy server, if required.
  • pPassword : String (optional)
    Enter the password for the proxy server, if required.
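
The Credentials Binding recommendation for vid and vkey, applied to the two Dynamic Analysis steps above. This Jenkinsfile is an added example, not taken from the plugin documentation; the credential ID 'veracode-api', the variable names VERACODE_API_ID and VERACODE_API_KEY, the analysis name and the durations are constructed placeholders.

```groovy
// Added example (not from the plugin docs).
// Assumes a "Username with password" credential with the hypothetical ID
// 'veracode-api': username = Veracode API ID, password = Veracode API key.
pipeline {
    agent any
    stages {
        stage('Veracode Dynamic Analysis') {
            steps {
                // Bind the stored credential to environment variables for this
                // block only; Jenkins masks the bound values in console output.
                withCredentials([usernamePassword(
                        credentialsId: 'veracode-api',
                        usernameVariable: 'VERACODE_API_ID',
                        passwordVariable: 'VERACODE_API_KEY')]) {

                    // Weak form, for contrast only: quoted literals live in the
                    // Jenkinsfile and therefore in its SCM history.
                    //   vid: '<api id literal>', vkey: '<api key literal>'

                    // Hardened form: unquoted environment variable references.
                    veracodeDynamicAnalysisResubmit(
                        analysisName: 'Nightly DAST',   // must match the name on the Veracode Platform
                        maximumDuration: 72,            // hours (the documented default)
                        failBuildAsScanFailed: true,
                        vid: env.VERACODE_API_ID,
                        vkey: env.VERACODE_API_KEY,
                        debug: false
                    )

                    veracodeDynamicAnalysisReview(
                        waitForResultsDuration: 80,     // hours; constructed value
                        failBuildForPolicyViolation: true,
                        vid: env.VERACODE_API_ID,
                        vkey: env.VERACODE_API_KEY,
                        debug: false
                    )
                }
            }
        }
    }
}
```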

veracodeDynamicRescan: Dynamic Rescan with Veracode Pipeline

  • applicationName : String (optional)

    Enter the name of the application.

    You can either use the name of an application that already exists in the Veracode Platform, or enter $projectname to use the Jenkins project name as the application name.

  • dvrEnabled : boolean (optional)

    Selecting this checkbox enables Dynamic Vulnerability Rescan.

  • canFailJob : boolean (optional)
    Select this option if you want the Jenkins job to fail if the upload and scan or dynamic rescan post-build action fails. If you do not select this option and either of these post-build actions does fail, the log will show the failure but you will not be notified.
  • debug : boolean (optional)
    Select the checkbox to display additional information in the console output window, including the supplied credentials.
  • useProxy : boolean (optional)
  • pHost : String (optional)
    Enter the proxy host.
  • pPort : int (optional)
    Enter the port number if the proxy host has a port.
  • pUser : String (optional)
    If the proxy server is password protected, enter your username and password in the Username and Password fields.
  • pPassword : String (optional)
    If the proxy server is password protected, enter your username and password in the Username and Password fields.
  • vid : String (optional)
    Enter your Veracode API ID. For instructions on generating your API credentials, search for "Credentials" in the Veracode Documentation.
  • vkey : String (optional)
    Enter your Veracode API key. For instructions on generating your API credentials, search for "Credentials" in the Veracode Documentation.

veracode: Upload and Scan with Veracode Pipeline

  • applicationName : String (optional)

    Enter the name of the application. This can be an application that already exists on the Veracode Platform, or a new one that Jenkins creates.

  • criticality : String (optional)
    Enter the business criticality for the application.
  • sandboxName : String (optional)

    Enter the name of the sandbox. This can be a sandbox that already exists on the Veracode Platform, or a new one that Jenkins creates.

    If you leave this field empty, no sandbox is used.

  • scanName : String (optional)

    Enter a name for the static scan you want to submit to the Veracode Platform for this application. Scan name is equivalent to Version or Build in the Veracode API.

  • waitForScan : boolean (optional)
  • timeout : int (optional)
    This option will submit the scan and wait the given amount of time. If the scan does not complete and pass policy compliance within the allotted time, then the build will fail.
  • deleteIncompleteScanLevel : String (optional)

    Select one of these levels for deleting an incomplete scan:

    • 0 to not delete an incomplete scan when running the uploadandscan action.
    • 1 to delete a scan with a status of incomplete, no modules defined, failed, or canceled to proceed with the uploadandscan action. If errors occur when running uploadandscan, the Java wrapper will automatically delete the scan.
    • 2 to delete a scan with any status except for "Results Ready" to proceed with the uploadandscan action. If errors occur when running uploadandscan, the Java wrapper will automatically delete the scan.
  • createProfile : boolean (optional)

    Selecting this checkbox creates a new application if a matching application is not found on the Veracode Platform.

    If the checkbox is not selected and a matching application is not found on the Veracode Platform, the Jenkins build will fail.

  • teams : String (optional)

    Enter the names of the teams to which you want to assign this application.

    • You must enter a team name if you have any user account role other than Security Lead. If you leave this field empty, the job will fail.
    • Use a comma-separated list for multiple team names.
    • The team name is case-sensitive and must exactly match the team name as entered in the Veracode Platform.
    • If you assign the application to a non-existent team, the job will fail.

  • createSandbox : boolean (optional)

    Selecting this checkbox creates a new sandbox if a sandbox name is provided and a matching sandbox is not found on the Veracode Platform.

    If the checkbox is not selected, a sandbox name is provided, and a matching sandbox is not found on the Veracode Platform, the Jenkins build will fail.

  • timeoutFailsJob : boolean (optional)
  • canFailJob : boolean (optional)
    Fail the Jenkins job if a Veracode task fails or the application fails to pass a security policy.
  • unstableBuild : boolean (optional)
    Select this option to change the Jenkins job status to Unstable if the policy evaluation of the application returns Did Not Pass or Conditional Pass.
  • debug : boolean (optional)
    Select the checkbox to display additional information in the console output window.
  • uploadIncludesPattern : String (optional)

    Enter the filepaths of the files to upload for scanning, represented as a comma-separated list of ant-style include patterns relative to the job's workspace root directory.

    Patterns are case-sensitive. Patterns that include commas because they denote filepaths that contain commas need to replace the commas with a wildcard character.

    If no filepaths are provided, all files in the job's workspace root directory are included.

    See http://ant.apache.org/manual/dirtasks.html for more info.

  • uploadExcludesPattern : String (optional)

    Enter the filepaths of the files to exclude from the upload for scanning, represented as a comma-separated list of ant-style exclude patterns relative to the job's workspace root directory.

    Patterns are case-sensitive. Patterns that include commas because they denote filepaths that contain commas need to have the commas replaced with a wildcard character.

    If no filepaths are provided, no files (except default excludes) in the job's workspace root directory are excluded.

    See http://ant.apache.org/manual/dirtasks.html for more info.

  • scanIncludesPattern : String (optional)

    Enter the filenames of the uploaded files to scan as top level modules, represented as a comma-separated list of ant-style include patterns such that '*' matches 0 or more characters and '?' matches exactly 1 character.

    Patterns are case-sensitive. Patterns that include commas because they denote filenames that contain commas need to replace the commas with a wildcard character.

    Because the matching is performed based only on filename, it is incorrect to use patterns that include path separators ('\' or '/').

    If no filenames are provided, all uploaded files are included as top level modules.

  • scanExcludesPattern : String (optional)

    Enter the filenames of the uploaded files to not scan as top level modules, represented as a comma-separated list of ant-style exclude patterns such that '*' matches 0 or more characters and '?' matches exactly 1 character.

    Patterns are case-sensitive. Patterns that include commas because they denote filenames that contain commas need to replace the commas with a wildcard character.

    Because the matching is performed based only on filename, it is incorrect to use patterns that include path separators ('\' or '/').

    If no filepaths are provided, no files (except default excludes) in the job's workspace root directory are excluded.

  • fileNamePattern : String (optional)

    Enter the filename pattern that represents the names of the uploaded files that should be saved with a different name. The '*' wildcard matches 0 or more characters. The '?' wildcard matches exactly 1 character. Each wildcard corresponds to a numbered group that can be referenced in the replacement pattern.

    Pattern is case-sensitive.

    Because the matching is performed based only on filename, it is incorrect to use patterns that include path separators ('\' or '/').

    No uploaded files are saved with a different name when either the filename pattern or the replacement pattern is omitted.

  • replacementPattern : String (optional)

    Enter the replacement pattern that represents the groups captured by the filename pattern. For example, if the filename pattern is '*-*-SNAPSHOT.war' and the replacement pattern '$1-SNAPSHOT.war', an uploaded file named 'app-branch-SNAPSHOT.war' would be saved as 'app-SNAPSHOT.war'.

    In order to specify a replacement pattern that includes a reference to a captured group followed by a number, place the captured group's index inside curly braces. For example, if the filename pattern is '*-*-SNAPSHOT.war' and the replacement pattern '${1}5-SNAPSHOT.war', an uploaded file named 'app-branch-SNAPSHOT.war' would be saved as 'app5-SNAPSHOT.war'.

    New filenames for uploaded files must be valid. Path separators ('\' or '/') should not be included.

    No uploaded files are saved with a different name when either the filename pattern or the replacement pattern is omitted.

  • copyRemoteFiles : boolean (optional)

    This option is only applicable when the build is done by a remote machine in a remote workspace.

    • If you do not select this checkbox (default), the output files are uploaded to Veracode from the remote workspace.
    • If you select this checkbox, the output files are copied from the remote machine to a local, temporary directory on the controller and then uploaded to Veracode.

  • useProxy : boolean (optional)
  • pHost : String (optional)
    Enter the proxy host.
  • pPort : String (optional)
    Enter the port number if the proxy host has a port.
  • pUser : String (optional)
    If the proxy server is password protected, enter your username and password in the Username and Password fields.
  • pPassword : String (optional)
    If the proxy server is password protected, enter your username and password in the Username and Password fields.
  • vid : String (optional)
    Enter your Veracode API ID. For instructions on generating your API credentials, search for "Credentials" in the Veracode Documentation.
  • vkey : String (optional)
    Enter your Veracode API key. For instructions on generating your API credentials, search for "Credentials" in the Veracode Documentation.
  • deleteIncompleteScan : boolean (optional)

    Select one of these levels for deleting an incomplete scan:

    • 0 to not delete an incomplete scan when running the uploadandscan action.
    • 1 to delete a scan with a status of incomplete, no modules defined, failed, or canceled to proceed with the uploadandscan action. If errors occur when running uploadandscan, the Java wrapper will automatically delete the scan.
    • 2 to delete a scan with any status except for "Results Ready" to proceed with the uploadandscan action. If errors occur when running uploadandscan, the Java wrapper will automatically delete the scan.
