Integrate agents with Travis CI
You can create a Veracode SCA agent that scans your repositories as an automated task in your Travis CI pipeline.
Prerequisites
Your agent host has specific requirements that depend on the language scanned and on the build and package managers your repositories use. To view the requirements, see the code language in Finding and fixing vulnerabilities.
Create your authentication token
By default, the agent you create is only visible to members of the workspace in which you created it. To make the agent visible to other users, invite their teams to your workspace.
To complete this task:
- In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
- Select Agent-Based Scan.
- Select a workspace.
- Select Agents > Actions > Create > Travis CI.
- Select Create Agent & Generate Token.
- Copy the value in the token field. You use the token to authenticate with Veracode SCA during scans.
Add your token to an environment variable
Setting an environment variable in Travis CI occurs on a per-repository basis.
To complete this task:
- In Travis CI, select the repository you want to scan.
- Go to More Options > Settings.
- For Name, enter SRCCLR_API_TOKEN.
- For Value, enter your Veracode SCA API token.
- Verify Display value in build log is set to OFF. This step ensures your token is hidden.
- Select Add.
Configure your repos
To complete this task:
- Add this code to your .travis.yml file:

      addons:
        srcclr: true

- If you want verbose output during the scan, add the debug key:

      addons:
        srcclr:
          debug: true

- Commit the changes to start a build and run an SCA scan.
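
The following pre-commit check is an added example, not Veracode or Travis CI code. It lints a .travis.yml for the setup described above: the srcclr addon must be enabled, and SRCCLR_API_TOKEN must not be assigned in the file itself, because the token belongs in the repository settings. The function name and return codes are this example's own convention, and it assumes block-style YAML as shown on this page.

```shell
#!/bin/sh
# Added example: lint a .travis.yml for the Veracode SCA setup on this page.
# check_travis_sca FILE returns:
#   0 = srcclr addon enabled and no token assignment in the file
#   1 = srcclr addon missing or set to false
#   2 = SRCCLR_API_TOKEN assigned inside the file (would land in version control)
#   3 = file not readable
check_travis_sca() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 3; }

    # Matches "- SRCCLR_API_TOKEN=value" or "SRCCLR_API_TOKEN: value" on a
    # non-comment line. Plain references like "$SRCCLR_API_TOKEN" do not match.
    if grep -Eq '^[^#]*SRCCLR_API_TOKEN[[:space:]]*[=:][[:space:]]*[^[:space:]]' "$file"; then
        echo "FAIL: SRCCLR_API_TOKEN is assigned inside $file; set it in the Travis CI repository settings instead"
        return 2
    fi

    # Find "srcclr:" nested under a top-level "addons:" key, ignoring "srcclr: false".
    if ! awk '
        /^addons:[ \t]*(#.*)?$/ { in_addons = 1; next }
        /^[^ \t#]/              { in_addons = 0 }
        in_addons && /^[ \t]+srcclr:/ && !/srcclr:[ \t]*false/ { found = 1 }
        END { exit !found }
    ' "$file"; then
        echo "FAIL: addons.srcclr is not enabled in $file"
        return 1
    fi

    echo "OK: $file enables the SCA scan and contains no token assignment"
    return 0
}

# Run against a file given on the command line, e.g. sh check.sh .travis.yml
if [ -n "${1:-}" ]; then
    check_travis_sca "$1"
fi
```
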