Your environment must meet specific prerequisites before you can successfully upload your packaged application to Veracode and run Pipeline Scans.
- An active Veracode Static Analysis license.
- One of these Veracode accounts:A Veracode account is limited to six Pipeline Scans per 60 seconds and each scan is limited to a maximum scan time of 60 minutes.
- A user account with these user roles:
- Creator or Security Lead to create application profiles and upload and scan applications.
- Submitter role to create a new scan for an existing application and upload and scan these applications.
- An API service account with these API roles:
- Upload and Scan API to create application profiles and upload and scan applications.
- Upload API - Submit Only to submit scans.
- A user account with these user roles:
- You have generated Veracode API credentials. You can provide your credentials to the Pipeline Scan with the command parameters or with a Veracode API credentials file.
- You have installed Java 8 or later.
- You have access to a development or test pipeline to which you can add the Pipeline Scan. If you do not have access to a pipeline, you can try running the Pipeline Scan from the command line.
- The application you want to scan:
- Builds successfully.
- Does not exceed the total file size limit of 200 MB.
- Meets the packaging requirements. The Pipeline Scan supports applications built on these languages:
.NET Kotlin Android PHP Cordova Python Groovy React Native Java Scala JavaScript Titanium Note: You cannot use the Pipeline Scan if the source-code language for your application is not supported.
- If you are using authenticated HTTPS proxy connections, you have configured the proxy
settings using this format:
java -Dhttps.proxyHost=<myproxy> -Dhttps.proxyPort=<myport> -Dhttps.proxyUser=<myuser> -Dhttps.proxyPassword=<mypass>