The Veracode Jenkins Plugin integrates with your Jenkins development pipelines to seamlessly automate the operations for building, uploading, and scanning your application code.
Starting with version 126.96.36.199 of the Veracode Jenkins Plugin, Veracode distributes the plugin as open source under an MIT license. You can download the plugin source code from GitHub. On the Jenkins Marketplace and in the Jenkins Plugin Manager, the plugin name is Veracode Scan.
The Veracode Jenkins Plugin contains the Java API wrapper and uses the uploadandscan composite action from the wrapper to upload your code to Veracode for scanning. By default, the uploadandscan composite action is set to autoscan, which starts the scan automatically after the prescan. However, the prescan must meet the Veracode Static Analysis scanning requirements. Before running your automation, perform a prescan verification. Since the uploadandscan composite action runs through the Java API wrapper, the wrapper returns a non-zero integer exit code when a command fails. These are the exit codes:
1= Invalid input
2= API internal error
3= Incorrect file format of the CSV file referred to in the
4= The scan did not pass policy compliance. This code only applies to an uploadandscan composite action that specifies the
The Veracode API wrappers return errors for missing required parameters and unrecognized parameters. They do not return errors on defined API parameters that are not valid for use with the specified action. For example, if an API wrapper takes sandboxid as an optional parameter, and you supply sandboxname in error, the wrapper ignores sandboxname and executes. You can verify the list of valid parameters in the console.
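A pipeline step can reject parameters the action does not accept before the wrapper runs, since the wrapper silently ignores them, and then turn the exit codes listed above into a build decision. The shell functions below are an added example, not Veracode code: WRAPPER_CMD, MAX_TRIES, the function names and the verdict strings are hypothetical, and the allow-list is something you supply from the parameter list shown in the console.

```shell
#!/bin/sh
# Added example, not Veracode code. Assumptions: WRAPPER_CMD launches the Java
# API wrapper, parameters come as "-name value" pairs, and the allow-list is
# copied by you from the parameter list the wrapper shows in the console.

# check_params "<allowed names>" -name value ...
# The wrapper ignores a defined parameter that is not valid for the action,
# so reject anything outside the allow-list before running.
check_params() {
    allowed=" $1 "; shift
    bad=0
    while [ "$#" -gt 0 ]; do
        case "$allowed" in
            *" ${1#-} "*) ;;
            *) echo "not valid for this action: $1" >&2; bad=1 ;;
        esac
        if [ "$#" -ge 2 ]; then shift 2; else shift; fi
    done
    return "$bad"
}

# classify_exit <code>: map the documented exit codes to a pipeline verdict.
classify_exit() {
    case "$1" in
        0)   echo pass ;;
        1|3) echo fix-config ;;   # invalid input or bad CSV: a retry cannot help
        2)   echo api-error ;;    # API internal error: this example retries it
        4)   echo policy-fail ;;  # scan ran, application did not pass policy
        *)   echo unknown ;;
    esac
}

# run_scan "<allowed names>" -name value ...
# Prints one verdict on stdout; returns 0 only for "pass".
run_scan() {
    names=$1; shift
    check_params "$names" "$@" || { echo fix-config; return 1; }
    tries=0
    while :; do
        code=0
        $WRAPPER_CMD "$@" >&2 || code=$?   # wrapper output goes to the build log
        verdict=$(classify_exit "$code")
        tries=$((tries + 1))
        [ "$verdict" = api-error ] && [ "$tries" -lt "${MAX_TRIES:-3}" ] || break
    done
    echo "$verdict"
    [ "$verdict" = pass ]
}
```

Keeping policy-fail separate from api-error lets the job fail the build on a real policy result while reporting a wrapper or service error as an infrastructure problem.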
Java 8 and 11