You can integrate Veracode Software Composition Analysis with several CI/CD and ticketing tools.
In addition to the listed integrations, you can implement Veracode SCA in any CI tool through scripting.
For the detailed lists of supported tools and languages, see About Supported Languages and Tools for Agent-Based Scans and Understanding Language Support for Veracode SCA Upload Scans.
CI/CD Systems
- Atlassian Bamboo
- You can create a Veracode SCA agent that scans your repositories as an automated task in your Atlassian Bamboo pipeline. See the configuration instructions for more information.
- Artifactory
- Veracode for Artifactory provides automated security scanning for your CI/CD applications and returns Veracode SCA findings within Artifactory as part of a Veracode Static Analysis.
- AWS CodeStar
- Veracode for AWS CodeStar allows you to configure automated agent-based scan commands in your AWS CodeBuild projects. You, then, add the build project to a pipeline stage in CodePipeline to analyze the build output from your application build stage and return Veracode SCA findings. See Configure an AWS CodeBuild Project for SCA for more information.
- Azure DevOps
- You can create a Veracode SCA agent for PowerShell and, then, configure agent-based scanning as a PowerShell task in Azure DevOps.
- Bitbucket
- You can create a Veracode SCA agent that scans your repositories as an automated task in your Bitbucket pipeline. See the configuration instructions for more information.
- CircleCI
- You can create a Veracode SCA agent that scans your repositories as an automated task in your CircleCI pipeline. See the configuration instructions for more information.
- CodeShip Basic
- You can create a Veracode SCA agent that scans your repositories as an automated task in your CodeShip Basic pipeline. See the configuration instructions for more information.
- CodeShip Pro
- You can create a Veracode SCA agent that scans your repositories as an automated task in your CodeShip Pro pipeline. See the configuration instructions for more information.
- GitLab
- You can create a Veracode SCA agent that scans your repositories as an automated task in your GitLab pipeline. See the configuration instructions for more information.
- Gradle
- You can create a Veracode SCA agent that automates the scanning of your Gradle repositories. See the configuration instructions for more information.
- Jenkins
- You can create a Veracode SCA agent that scans your repositories as an automated task in your Jenkins pipeline. See the configuration instructions for more information.
- Maven
- You can create a Veracode SCA agent that automates the scanning of your Maven repositories. See the configuration instructions for more information.
- Travis CI
- You can create a Veracode SCA agent that scans your repositories as an automated task in your Travis CI pipeline. See the configuration instructions for more information.
Ticketing Systems
- Jira
- You can create a Jira integration that allows you to generates ticket in Jira for findings from agent-based scans performed on the command line or as part of a pipeline. See the configuration instructions for more information.
- Jira Cloud
- You can create a Jira Cloud integration that automatically generates tickets in Jira Cloud for agent-based scan findings performed on the command line or as part of a pipeline. See the configuration instructions for more information.
- GitHub
- You can create a GitHub integration that generates issues in GitHub for agent-based scan findings performed on the command line or as part of a pipeline. See the configuration instructions for more information.