Pipeline Scan prerequisites
Your environment must meet these specific prerequisites before you can successfully upload your packaged application to Veracode and run Pipeline Scans:
-
An active Veracode Static Analysis license.
-
One of the following Veracode accounts:
-
You have generated API credentials. You can provide your credentials to the Pipeline Scan with the command parameters or with an API credentials file.
-
Enable port 443 in the environments you run Pipeline Scans. The Pipeline Scan uses the Pipeline Scan REST APIs, which use the standard HTTPS port 443.
-
You have ensured that all required Veracode IP addresses for the Veracode APIs and integrations are on the allowlist for your organization. Pipeline Scan uses these addresses to authenticate with Veracode. To update your allowlist, you might need to contact your IT team.
-
You have compiled and packaged your application source files according to the packaging requirements.
-
You have installed Java 8 or later.
-
You have access to a development or test pipeline to which you can add the Pipeline Scan. If you do not have access to a pipeline, you can try running the Pipeline Scan from the command line.
noteEach pipeline scan is limited to a maximum scan time of 60 minutes.
-
The application you want to scan:
-
Builds successfully.
-
Does not exceed the total file size limit of 200 MB.
-
Meets the packaging requirements for the supported languages
noteYou cannot use the Pipeline Scan if the source-code language for your application is not supported.
-
-
If you are using authenticated HTTPS proxy connections, ensure you have configured the proxy settings using this format:
java -Dhttps.proxyHost={myproxy} -Dhttps.proxyPort={myport} -Dhttps.proxyUser={myuser} -Dhttps.proxyPassword={mypass}