Configure Your Agent-Based Scanning Jenkins Job

Veracode Software Composition Analysis

  1. Select the job you want to scan.
  2. Click Configure.
  3. Click the Build Environment tab.
  4. Select Use secret text(s) or file(s).
  5. Under Bindings, select Add > Secret text.
  6. For Variable, enter SRCCLR_API_TOKEN.
  7. Select SRCCLR_API_TOKEN.
  8. In the build section, select Add build step > Execute shell.
    Note: You can include the shell as a pre- or post-build step.
  9. Add the following command to the shell command box:
    curl -sSL https://download.sourceclear.com/ci.sh | sh
  10. Save your build.
The next time your job runs, Veracode SCA performs an agent-based scan.