Integrate with Veracode Repository Scanning

Veracode Repository Scanning allows you to automate security scanning for all of your GitHub and GitLab repositories.

By integrating Repository Scanning with Veracode Risk Manager (VRM), you gain the following insights into how vulnerabilities make it through your SDLC:

  • Track the origin of images generated from GitHub and GitLab repositories.
  • Trace static findings to the images generated from those repositories, helping you understand which vulnerabilities ultimately end up in runtime.

Prerequisites

Before Veracode can enable the Repository Scanning integration, you must meet the following prerequisites:

  • Your Veracode organization has installed and configured the Veracode Workflow Integration for GitHub or GitLab.
  • You have set up the VRM Connector for Veracode for the same Veracode organization.

Request the Repository Scanning integration

To enable VRM to ingest GitHub or GitLab data from Veracode Repository Scanning, reach out to your Veracode customer success representative.

Your representative will contact you when the integration is ready for use.

Review findings from the Repository Scanning integration

After your Veracode customer success representative enables the Repository Scanning integration, VRM ingests data from images generated by automated scans of your GitHub or GitLab repositories.

In VRM, all data ingested from the Repository Scanning integration has a Finding Source of Veracode and a Factor of Running Containers. You can use the VRM filters to view that specific data.