About Pipeline Scan Prerequisites

Pipeline Scan
Publication
Pipeline Scan
Edition date
2023-02-03
Last publication
2023-02-03T16:58:35.498922

Your environment must meet these specific prerequisites before you can successfully upload your packaged application to Veracode and run Pipeline Scans:

  • An active Veracode Static Analysis license.

  • One of these Veracode accounts:

    • A user account with these user roles:
      • Creator or Security Lead to create application profiles and upload and scan applications.
      • Submitter role to create a new scan for an existing application and upload and scan these applications.
    • An API service account with these API roles:
      • Upload and Scan API to create application profiles and upload and scan applications.
      • Upload API - Submit Only to submit scans. A Veracode account is limited to six Pipeline Scans per 60 seconds and each scan is limited to a maximum scan time of 60 minutes.

  • You have generated Veracode API credentials. You can provide your credentials to the Pipeline Scan with the command parameters or with a Veracode API credentials file.

  • Enable port 443 in the environments you run Pipeline Scans. The Pipeline Scan uses the Pipeline Scan REST APIs, which use the standard HTTPS port 443.
  • You have installed Java 8 or later.
  • You have access to a development or test pipeline to which you can add the Pipeline Scan. If you do not have access to a pipeline, you can try running the Pipeline Scan from the command line.

  • The application you want to scan:

    • Builds successfully.
    • Does not exceed the total file size limit of 200 MB.

    • Meets the packaging requirements. The Pipeline Scan supports applications built on these languages:

      • .NET
      • Android
      • C
      • C++
      • ColdFusion
      • Cordova
      • Groovy
      • GoLang
      • IONIC
      • Java
      • JavaScript
      • Kotlin
      • PhoneGap
      • PHP
      • Python
      • React Native
      • Scala
      • Titanium
      • Xamarin

      Note: You cannot use the Pipeline Scan if the source-code language for your application is not supported.

  • If you are using authenticated HTTPS proxy connections, you have configured the proxy settings using this format:

    java -Dhttps.proxyHost=<myproxy> -Dhttps.proxyPort=<myport> -Dhttps.proxyUser=<myuser> -Dhttps.proxyPassword=<mypass>