You can integrate Veracode Software Composition Analysis agent-based scanning into most continuous integration (CI) systems. The integration requires you to create an agent and add the agent token and scan command to your CI project.
By default, the agent you create is only visible to members of the workspace in which you created it. To make the agent visible to other teams, invite those teams to your workspace.
- In the Veracode Platform, select .
- Click the Agent-Based Scan tab.
- Select a workspace.
- Click .
- Select any option from the Integration Options section. The option you select does not affect the agent or your scan results.
- Click Create Agent & Generate Token.
In your CI project, store your agent token as a secret environment variable
See the documentation for your CI system for instructions on setting secret environment variables.
Add this command to your CI project to download the agent and start
    curl -sSL https://download.sourceclear.com/ci.sh | sh

For example, in GitLab, add the command after the after_script step in the .gitlab-ci.yml file.

You can customize this command to enable additional features of agent-based scanning.
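A hardened form of the download-and-scan step above, as an added example that is not from the Veracode documentation: it fails the job when the token secret is missing, and it downloads `ci.sh` to a file so that an HTTP error or a digest mismatch stops the job before anything runs. The variable name `SRCCLR_API_TOKEN` and the optional `EXPECTED_SHA256` pin are assumptions; use the variable name your agent setup page gives.

```shell
#!/bin/sh
# Added example: wrapper around the page's download-and-scan command.
# Assumptions: the token variable is named SRCCLR_API_TOKEN; EXPECTED_SHA256 is a
# hypothetical optional pin that you record yourself after reviewing ci.sh.

CI_SCRIPT_URL="https://download.sourceclear.com/ci.sh"

# Succeed only if the named variable is set and non-empty. Never prints its value.
require_secret() {
    if eval "[ -z \"\${$1:-}\" ]"; then
        echo "error: secret variable $1 is not set" >&2
        return 1
    fi
}

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Log a file's digest and compare it with a pin; an empty pin only logs.
check_digest() {
    _actual=$(file_sha256 "$1") || return 1
    echo "ci.sh sha256: $_actual" >&2
    [ -z "$2" ] || [ "$_actual" = "$2" ]
}

# Download ci.sh to a temporary file, check it, then run it.
run_scan() {
    require_secret SRCCLR_API_TOKEN || return 1
    _tmp=$(mktemp) || return 1
    # --fail: an HTTP error fails the job instead of feeding an error page to sh.
    curl --fail --proto '=https' --tlsv1.2 -sSL -o "$_tmp" "$CI_SCRIPT_URL" \
        && check_digest "$_tmp" "${EXPECTED_SHA256:-}" \
        && sh "$_tmp"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# Run the scan only when invoked as: sh sca-scan.sh scan
if [ "${1:-}" = "scan" ]; then run_scan; fi
```

The digest line in the job log gives you a record of which version of the script each build executed, even when no pin is set.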