
Integrate agents with CircleCI

You can create a Veracode SCA agent that scans your repositories as an automated task in your CircleCI pipeline.

This config.yml file includes a sample command for running an agent-based scan in a CircleCI pipeline.

Prerequisites

Your agent host must meet requirements that depend on the build and package managers your repositories use. To view the requirements, see your code language in Finding and fixing vulnerabilities.

Create your authentication token

By default, the agent you create is visible only to members of the workspace in which you created it. To make it visible to other users, invite their teams to your workspace.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select a workspace.
  4. Select Agents > Actions > Create > Circle CI.
  5. Select Create Agent & Generate Token.
  6. Copy the value in the token field. You use the token to authenticate with Veracode SCA during scans.

Configure your environment variable

You can set an environment variable for each repository you want to scan.

To complete this task:

  1. In your CircleCI environment, select the repository you want to scan.
  2. Go to Project Settings > Environment Variables.
  3. Select Add Variable.
  4. For Name, enter SRCCLR_API_TOKEN.
  5. For Value, enter your agent token value.
  6. Verify that Display value in build log is set to OFF so that your token stays hidden.
  7. Select Add Variable.
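
The following .circleci/config.yml is an added example, not Veracode's sample file, showing how a job can consume the SRCCLR_API_TOKEN variable configured above. The job name, workflow name, and Docker image are assumptions, and the script URL is the Veracode SCA CI script location, which does not appear on this page.

```yaml
# Added example .circleci/config.yml (not Veracode's sample file).
version: 2.1

jobs:
  sca-scan:            # hypothetical job name
    docker:
      # Assumption: a Java project. Use an image that carries the build
      # and package managers your repository needs (see Prerequisites).
      - image: cimg/openjdk:17.0
    steps:
      - checkout
      - run:
          name: Check that the agent token is configured
          command: |
            # SRCCLR_API_TOKEN comes from Project Settings > Environment Variables.
            # Fail early, and never print the value itself.
            if [ -z "${SRCCLR_API_TOKEN:-}" ]; then
              echo "SRCCLR_API_TOKEN is not set for this project" >&2
              exit 1
            fi
      - run:
          name: Veracode SCA agent-based scan
          command: |
            # Keep shell tracing off so the token cannot reach the build log.
            set +x
            # The agent reads SRCCLR_API_TOKEN from the environment.
            curl -sSL https://download.sourceclear.com/ci.sh | sh

workflows:
  scan:                # hypothetical workflow name
    jobs:
      - sca-scan
```

CircleCI does not pass project environment variables to builds from forked pull requests unless that option is enabled, so the first step fails on those builds instead of running an unauthenticated scan.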