Pipeline Scan Prerequisites

Your environment must meet these specific prerequisites before you can successfully upload your packaged application to Veracode and run Pipeline Scans:

• An active Veracode Static Analysis license.

• One of these Veracode accounts:

  • A user account with the following user roles:

    • Creator or Security Lead to create application profiles and upload and scan applications.
    • Submitter role to create a new scan for an existing application and upload and scan these applications.

  • An API service account with the following API roles:

    • Upload and Scan API to create application profiles and upload and scan applications.
    • Upload API - Submit Only to submit scans.

    A Veracode account is limited to six Pipeline Scans per 60 seconds and each scan is limited to a maximum scan time of 60 minutes.

• You have generated Veracode API credentials. You can provide your credentials to the Pipeline Scan with the command parameters or with a Veracode API credentials file.

• Enable port 443 in the environments you run Pipeline Scans. The Pipeline Scan uses the Pipeline Scan REST APIs, which use the standard HTTPS port 443.

• You have installed Java 8 or later.

• You have access to a development or test pipeline to which you can add the Pipeline Scan. If you do not have access to a pipeline, you can try running the Pipeline Scan from the command line.

• The application you want to scan:

  • Builds successfully.
  • Does not exceed the total file size limit of 200 MB.
  • Meets the packaging requirements. For language support specific to Veracode Pipeline Scan, see Pipeline Scan Supported Languages.
    note

    You cannot use the Pipeline Scan if the source-code language for your application is not supported.

• If you are using authenticated HTTPS proxy connections, ensure you have configured the proxy settings using this format:

  java -Dhttps.proxyHost={myproxy} -Dhttps.proxyPort={myport} -Dhttps.proxyUser={myuser} -Dhttps.proxyPassword={mypass}