Skip to main content

Integrating Veracode SCA with Developer Tools

You can integrate Veracode Software Composition Analysis with several CI/CD and ticketing tools.

In addition to the listed integrations, you can implement Veracode SCA in any CI tool through scripting.

For the detailed lists of supported tools and languages, see About Supported Languages and Tools for Agent-Based Scans and Understanding Language Support for Veracode SCA Upload Scans.

CI/CD Systems

Atlassian Bamboo

You can create a Veracode SCA agent that scans your repositories as an automated task in your Atlassian Bamboo pipeline. See the configuration instructions for more information.

AWS CodeStar

Veracode for AWS CodeStar allows you to configure automated agent-based scan commands in your AWS CodeBuild projects. You, then, add the build project to a pipeline stage in CodePipeline to analyze the build output from your application build stage and return Veracode SCA findings. See Configure an AWS CodeBuild Project for SCA for more information.

Azure DevOps

You can create a Veracode SCA agent for PowerShell, then configure agent-based scanning as a PowerShell task in Azure DevOps.

The open-source Veracode Community Software Composition Analysis (SCA) Azure DevOps Extension integrates agent-based scans of your repositories as an automated task into your Azure DevOps pipeline.

note

This extension is not officially supported by Veracode.

Bitbucket

You can create a Veracode SCA agent that scans your repositories as an automated task in your Bitbucket pipeline. See the configuration instructions for more information.

CircleCI

You can create a Veracode SCA agent that scans your repositories as an automated task in your CircleCI pipeline. See the configuration instructions for more information.

This config.yml file includes a sample command for running an agent-based scan in a CircleCI pipeline.

CodeShip Basic

You can create a Veracode SCA agent that scans your repositories as an automated task in your CodeShip Basic pipeline. See the configuration instructions for more information.

CodeShip Pro

You can create a Veracode SCA agent that scans your repositories as an automated task in your CodeShip Pro pipeline. See the configuration instructions for more information.

GitLab

You can create a Veracode SCA agent that scans your repositories as an automated task in your GitLab pipeline. See the configuration instructions for more information.

Gradle

You can create a Veracode SCA agent that automates the scanning of your Gradle repositories. See the configuration instructions for more information.

Jenkins

You can create a Veracode SCA agent that scans your repositories as an automated task in your Jenkins pipeline. See the configuration instructions for more information.

The Veracode Jenkins Plugin automates the upload and scan tasks of your Jenkins build pipeline and returns Veracode SCA findings as part of a Veracode Static Analysis.

Maven

You can create a Veracode SCA agent that automates the scanning of your Maven repositories. See the configuration instructions for more information.

Travis CI

You can create a Veracode SCA agent that scans your repositories as an automated task in your Travis CI pipeline. See the configuration instructions for more information.

Ticketing Systems

Jira

You can create a Jira integration that allows you to generate tickets in Jira for findings from agent-based scans performed on the command line or as part of a pipeline. See the configuration instructions for more information.

The Veracode Integration for Jira manages the import of security findings from Veracode and creates issues in Jira for Veracode SCA findings imported from a Veracode Static Analysis.

Jira Cloud

You can create a Jira Cloud integration that automatically generates tickets in Jira Cloud for agent-based scan findings performed on the command line or as part of a pipeline. See the configuration instructions for more information.

The Veracode Integration for Jira Cloud manages the import of security findings from Veracode and creates issues in Jira for Veracode SCA findings imported from a Veracode Static Analysis.

GitHub

You can create a GitHub integration that generates issues in GitHub for agent-based scan findings performed on the command line or as part of a pipeline. See the configuration instructions for more information.