About Pipeline Scan Prerequisites

Pipeline Scan

Pipeline Scan
Edition date
Last publication

Your environment must meet these specific prerequisites before you can successfully upload your packaged application to Veracode and run Pipeline Scans:

  • An active Veracode Static Analysis license.
  • One of these Veracode accounts:

    • A user account with these user roles:
      • Creator or Security Lead to create application profiles and upload and scan applications.
      • Submitter role to create a new scan for an existing application and upload and scan these applications.
    • An API service account with these API roles:
      • Upload and Scan API to create application profiles and upload and scan applications.
      • Upload API - Submit Only to submit scans. A Veracode account is limited to six Pipeline Scans per 60 seconds and each scan is limited to a maximum scan time of 60 minutes.
  • You have generated Veracode API credentials. You can provide your credentials to the Pipeline Scan with the command parameters or with a Veracode API credentials file.

  • Enable port 443 in the environments you run Pipeline Scans. The Pipeline Scan uses the Pipeline Scan REST APIs, which use the standard HTTPS port 443.
  • You have installed Java 8 or later.
  • You have access to a development or test pipeline to which you can add the Pipeline Scan. If you do not have access to a pipeline, you can try running the Pipeline Scan from the command line.
  • The application you want to scan:

    • Builds successfully.
    • Does not exceed the total file size limit of 200 MB.
    • Meets the packaging requirements. The Pipeline Scan supports applications built on these languages:

      • .NET
      • Android
      • C
      • C++
      • ColdFusion
      • Cordova
      • Groovy
      • GoLang
      • IONIC
      • Java
      • JavaScript
      • Kotlin
      • PhoneGap
      • PHP
      • Python
      • React Native
      • Scala
      • Titanium
      • Xamarin

      Note: You cannot use the Pipeline Scan if the source-code language for your application is not supported.

  • If you are using authenticated HTTPS proxy connections, you have configured the proxy settings using this format:

    java -Dhttps.proxyHost=<myproxy> -Dhttps.proxyPort=<myport> -Dhttps.proxyUser=<myuser> -Dhttps.proxyPassword=<mypass>