Pipeline Scan Prerequisites
Your environment must meet these specific prerequisites before you can successfully upload your packaged application to Veracode and run Pipeline Scans:
- An active Veracode Static Analysis license.
- One of these Veracode accounts:
  - A user account with the following user roles:
    - Creator or Security Lead to create application profiles and upload and scan applications.
    - Submitter role to create a new scan for an existing application and upload and scan these applications.
  - An API service account with the following API roles:
    - Upload and Scan API to create application profiles and upload and scan applications.
    - Upload API - Submit Only to submit scans.
- A Veracode account is limited to six Pipeline Scans per 60 seconds, and each scan is limited to a maximum scan time of 60 minutes.
- You have generated Veracode API credentials. You can provide your credentials to the Pipeline Scan with the command parameters or with a Veracode API credentials file.
- Enable port 443 in the environments where you run Pipeline Scans. The Pipeline Scan uses the Pipeline Scan REST APIs, which use the standard HTTPS port 443.
- You have installed Java 8 or later.
- You have access to a development or test pipeline to which you can add the Pipeline Scan. If you do not have access to a pipeline, you can try running the Pipeline Scan from the command line.
- The application you want to scan:
  - Builds successfully.
  - Does not exceed the total file size limit of 200 MB.
  - Meets the packaging requirements. For language support specific to Veracode Pipeline Scan, see Pipeline Scan Supported Languages.

  Note: You cannot use the Pipeline Scan if the source-code language for your application is not supported.
- If you are using authenticated HTTPS proxy connections, ensure you have configured the proxy settings using this format:
  java -Dhttps.proxyHost={myproxy} -Dhttps.proxyPort={myport} -Dhttps.proxyUser={myuser} -Dhttps.proxyPassword={mypass}
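
The Java version and package size prerequisites above can be checked in a pipeline step before anything is submitted. This is an added example, not Veracode's own tooling: the function names are hypothetical, and reading "200 MB" as 200,000,000 bytes is an assumption (the stricter interpretation).

```shell
#!/bin/sh
# Added example: preflight for two prerequisites (Java 8+, 200 MB package limit).
# All function names are hypothetical; this is not part of the Pipeline Scan tool.

# Assumption: "200 MB" read as decimal megabytes, the stricter interpretation.
MAX_BYTES=$((200 * 1000 * 1000))

# Reduce a Java version string to its major number. Handles the legacy
# scheme ("1.8.0_281" -> 8) and the current one ("17.0.9", "11", "9-ea").
java_major() {
  v="$1"
  v="${v#1.}"          # legacy scheme: drop the leading "1."
  v="${v%%[!0-9]*}"    # keep only the leading digits
  printf '%s\n' "${v:-0}"
}

java_meets_minimum() {
  [ "$(java_major "$1")" -ge 8 ]
}

# Version string reported by the java on PATH (empty if java is absent).
installed_java_version() {
  java -version 2>&1 | sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Succeeds only if the package exists and is within the size limit.
package_within_limit() {
  [ -f "$1" ] || return 2
  size=$(( $(wc -c < "$1") ))
  [ "$size" -le "$MAX_BYTES" ]
}

preflight() {
  rc=0
  ver=$(installed_java_version)
  if ! java_meets_minimum "$ver"; then
    echo "FAIL: Java 8 or later required, found '${ver:-none}'" >&2; rc=1
  fi
  if ! package_within_limit "$1"; then
    echo "FAIL: $1 is missing or larger than $MAX_BYTES bytes" >&2; rc=1
  fi
  return "$rc"
}

# Run the checks only when a package path is given on the command line.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Saved as a script and called with the packaged application's path, it exits non-zero when either check fails, so the pipeline step stops before the scan is attempted.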