Integrate agents with GitLab
You can create a Veracode SCA agent that scans your repositories as an automated task in your GitLab pipeline.
Prerequisites
Your agent host has specific requirements that depend on the build and package managers your repositories use and on the languages scanned. To view the requirements, see the code language in Finding and fixing vulnerabilities.
Create your authentication token
By default, the agent you create is visible only to members of the workspace in which you created it. To make it visible to other teams, invite those teams to your workspace.
To complete this task:
- In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
- Select Agent-Based Scan.
- Select a workspace.
- Select Agents > Actions > Create > Bitbucket Pipelines. The installation process for GitLab CI mirrors the Bitbucket Pipelines installation process for SCA Agent-based Scan.
- Select Create Agent & Generate Token.
- Copy the value in the token field. You use the token to authenticate with Veracode SCA during scans.
Configure your environment variable
Setting an environment variable in GitLab CI occurs on a per-repository basis. This example demonstrates how to create a variable for your API token.
To complete this task:
- In your GitLab environment, select the project you want to scan.
- Go to Settings > CI/CD.
- Select Expand in the Variables section.
- For Key, enter SRCCLR_API_TOKEN.
- For Value, enter your Veracode SCA API token.
- Select the State and Masked values you want for your variable. We recommend masking the variable and, if you use protected variables, protecting it.
- Select Save variables.
Next steps:
You can also create an environment variable for your project URL to enable automatic pull requests.
Configure your repos
To complete this task:
- To add scanning to your repos, add the following to the after_script step in your .gitlab-ci.yml file:

  after_script:
    - curl -sSL https://sca-downloads.veracode.com/ci.sh | sh -

- Commit the change to start a build for your repository and run an SCA scan.
Next steps:
If you want to scan other repositories, add the installation and scan code above, along with the SRCCLR_API_TOKEN environment variable, to any .gitlab-ci.yml files you want to scan. Then you can perform scans on each new build.
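The steps on this page assembled into one .gitlab-ci.yml, as an added example that is not from the Veracode documentation: it assumes a Node.js project and a runner image that has curl and sha256sum, and it runs the scan in its own job, downloading the installer to a file and checking it against a pinned SHA-256 (a placeholder here) before executing it, rather than piping curl straight into sh.

```yaml
# Added example (not the page's own snippet). Assumes a Node.js project and a
# runner image with curl and sha256sum. SRCCLR_API_TOKEN is read from the masked
# CI/CD variable configured in the project settings; it is never written here.
stages:
  - build
  - sca

variables:
  # Placeholder: replace with the SHA-256 you record for the ci.sh you reviewed.
  SCA_INSTALLER_SHA256: "<sha256-of-ci.sh-you-recorded>"

build:
  stage: build
  image: node:20
  script:
    - npm ci

sca_scan:
  stage: sca
  image: node:20
  needs: ["build"]
  script:
    # Fail early and visibly if the token variable is missing for this project.
    - 'test -n "$SRCCLR_API_TOKEN" || { echo "SRCCLR_API_TOKEN is not set" >&2; exit 1; }'
    # Save the installer to disk instead of piping it into sh, then verify it
    # against the pinned hash; a mismatch fails the job before anything runs.
    - curl -sSL -o ci.sh https://sca-downloads.veracode.com/ci.sh
    - 'echo "$SCA_INSTALLER_SHA256  ci.sh" | sha256sum -c -'
    - sh ci.sh
```

Running the scan in a dedicated job (rather than a top-level after_script) means a failed checksum or a failed scan shows up as a failed job in the pipeline.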