SCM integrations

Veracode Repository Scanning and other Veracode-authored integrations add security to your source control management (SCM) tools. These integrations embed scanning, review, and remediation tasks into your build and deployment workflows. Use SCM integrations in addition to CI/CD integrations.

Veracode source control management (SCM) integrations allow you to:

  • Scan all target repositories.
  • Trigger scans on push or pull requests.
  • Detect flaws in source code.
  • Identify vulnerabilities in open-source components.
  • Review results and remediate findings using the provided guidance.
  • Import findings as issues or work items for tracking.

You can ingest data and findings from the Repository Scanning integrations for GitHub and GitLab into Veracode Risk Manager (VRM). You can also integrate Veracode with your SCM tools using the Veracode CLI.

To learn more about these integrations and interact with other users, visit the Community forum. If you don't see the integration you need, check the Open Source Projects.

Note: Veracode APIs and integrations require access to specific region domains based on your Veracode account region. Contact your IT team to confirm that the required domains for your region are on your organization’s allowlist. Ensure one-way communication on port 443 to the REST API domain. For a full list, see domains and IP addresses to add to your allowlist.

Azure DevOps

Select from the following integrations.

Integration type: Veracode-authored

Bitbucket

SCA agent: add SCA agent-based scanning.

Integration type: Veracode-authored

GitHub

Select from the following integrations.

Integration type: Veracode-authored

GitLab

Select from the following integrations.

Integration type: Veracode-authored