Set up the Universal connector

The Universal Connector allows Veracode Risk Manager (VRM) to ingest and analyze assets and findings from any data source. It allows you to integrate with third-party tools for which VRM does not have a pre-built connector.

Veracode Technical Support configures your connector based on connection details that you provide.

Request a customized connector

If you want Veracode to create a customized connector for your development tool, reach out to your Veracode customer success representative. Please provide the following information:

• The tool you want VRM to connect to.
• The types of data you want VRM to ingest as findings and assets. For example, you might want to ingest vulnerabilities from the tool's vulnerabilities endpoint as findings, and applications from the tool's apps endpoint as assets.
• Your team's preferred authentication method, if there is more than one available for the tool.

In some cases, Veracode will need to request credentials for a developer or lower environment of your tool's API to complete development of the connector. In such cases, Veracode will provide you with a secure way to share the credentials.

Your Veracode customer success representative will contact you when the connector is ready for use.

Add your VRM connector

After your Veracode customer success representative has created your customized connector, you can add it to VRM and begin ingesting data.

Prerequisites

• Have the Admin role in VRM
• Have an active API key with the Admin role

To complete this task:

1. In VRM, from the left navigation menu, select the Settings icon , and then select Add Connector.

2. Select the tool from which the connector will ingest data. Connectors supported by the Universal Connector are marked with a stripe in the top-right corner of the tile.

   

3. On the connector page, enter a name for the connector.

4. Enter the required authentication information.

5. Select Add Connector.

6. From the Connectors list, click on the connector you just added.

7. In the Advanced section of the Connection Details screen, copy the id value to a secure location.

   

8. In a command prompt, run the following API command to enable data ingestion:

   curl --location --request PUT 'https://api.longbow.security:443/v1/integrations/<your integration ID> \ 
   --header 'Content-Type: application/json' \
   --header 'x-api-key: <your api key>' \
   --data '{
     "isUConnect": true
   }'

   Replace <your integration ID> with the ID of your connector, and <your api key> with your API key.

9. On the Connection Details screen in VRM, select Actions > Launch Discovery Scan to initiate data ingestion.

   To view the progress of the data ingestion, on the Connection Details screen, select Actions > Integration Stats.

If you experience issues using the API or launching the scan, reach out to your Veracode customer success representative.

Configure your own custom connector

The VRM Universal Connector also supports onboarding data from an S3 bucket, or Azure Storage Account, that contains data you want VRM to ingest, formatted according to its data model. The most common use cases for this self-hosted approach include:

• Want to onboard on-premises data to VRM.
• Want to configure scripts in your own environment for fetching and formatting data for VRM, including development of your own factors on issues or assets not supported by the platform today.

If you are interested in configuring your own connector, reach out to your Veracode customer success representative for more details.