Atlassian Bamboo

You use the Veracode Java API wrapper to integrate Veracode with your Maven build server. The integration seamlessly adds static scanning into the existing build processes that you use in your Software Development Life Cycle (SDLC).

To integrate Veracode with Bamboo for Maven builds, you use the Veracode APIs provided in the Java API wrapper. The wrapper takes input from the command line, external tools, or existing build server integration workflows and returns a response from Veracode. You install the wrapper on the build server, where it initiates communication between the build server and Veracode.

Prerequisites

Before you integrate Veracode with Bamboo, you must:

  • Have an API service account with the Upload API role or a Veracode user account with the Creator role.
  • Have Veracode API credentials.
  • Install the Java API wrapper on your local machine. You can also run the Java API wrapper as a Docker image.
  • Ensure that the application you want to scan is properly compiled according to the instructions in the packaging requirements.
  • Ensure Bamboo is installed on your build server. You can download Bamboo from the Atlassian website. If you downloaded the archive file, instead of the EXE installer, you must unzip the archive.
  • Ensure that Bamboo is configured according to the Bamboo installation instructions on the Atlassian Support website.
  • Ensure that Java and a zip utility, such as WinZip, are defined as executables in your Bamboo Administration account.

Create a plan in Bamboo for Java applications

You can create a plan for Java applications using the Veracode Bamboo Integration.

To complete this task:

  1. Start Bamboo.

  2. In Bamboo, create and configure a new plan.

  3. Select Configure tasks.

  4. Select Add task.

  5. From the Task types dropdown, select Maven 2.x.

  6. On the Maven 2.x Configuration page, enter values for:

    • Task Description
    • Executable: you might need to create a new label for your Maven executable.
    • Goal: for example, Set up clean test package.
    • Build JDK

  7. Select Save.

  8. To enable the plan, select Yes.

  9. Select Create.

  10. To complete the configuration, ensure your plan is enabled and select Run plan. You see an error until you have a Maven project to run.

Create a plan in Bamboo for .NET applications

You can create a plan for .NET applications using the Veracode Bamboo Integration.

To complete this task:

  1. Start Bamboo.

  2. In Bamboo, create and configure a new plan.

  3. Select Configure tasks.

  4. On the Tasks tab, select Add task.

  5. In the Task types window, select MSBuild.

  6. On the MSBuild configuration page, enter values for:

    • For Task description, describe the build task.
    • From the Executable dropdown, select the latest version of MSBuild.
    • For Project File, enter the project solution filename.

  7. Select Save.

  8. On the Tasks tab, select Add task.

  9. In the Task types window, select Command.

  10. On the Command configuration page, enter the following information:

    • For Task description, describe the precompilation task.

    • From the Executable dropdown, select ASPNetCompiler.

    • For Argument, enter these arguments, replacing the example text with names specific to your application:

      -p "WebGoat" -v "WebGoat.NET/" -fixednames -f -c -d "PrecompiledWeb/WebGoat.NET"

  11. Select Save.

  12. On the Tasks tab, select Add task.

  13. In the Task types window, select Command.

  14. On the Command configuration page, enter the following information:

    • For Task description, describe the task of zipping files for upload to Veracode.

    • From the Executable dropdown, select 7ZIP.

    • For Argument, enter this argument:

      {WebgoatNet.zip} ${bamboo.build.working.directory}\PrecompiledWeb\WebGoat.NET\bin\

  15. Select Save.

  16. To enable the plan, select Yes.

  17. Select Create.

  18. To complete the configuration, ensure your plan is enabled and select Run plan.

Build a Maven project with Bamboo

You can use the Veracode Bamboo Integration to build and scan a Maven project with Bamboo.

To complete this task:

  1. Navigate to the directory //..//Bamboo-home/xml-data/build-dir/VWD1-SIM-Job1/.

  2. Copy your Maven project into this directory and ensure the Maven build script pom.xml is in the root directory.

    Bamboo derived the URI when you ran the Bamboo plan you configured for Java or .NET applications.

  3. Run the Bamboo plan again. Bamboo runs the pom.xml build script, which builds the project.

Upload and scan an application from Bamboo

With the Veracode Bamboo Integration, you can submit applications from your Bamboo environment to Veracode using the Veracode Java API wrapper. In a new or existing job, you add a task that calls the Java API wrapper to upload and scan your application.

To complete this task:

  1. Open Bamboo and navigate to the plan you created for your application.

  2. Select a job.

  3. Select Tasks.

  4. On the Tasks page, select Add task.

  5. For the task type, select Builder > Command. If you want to use the Java API wrapper Docker image, create a Docker task.

  6. For the Task description, explain that this task uploads the application to Veracode.

  7. From the Executable dropdown, select Java. For a Docker task, from the Command dropdown, select Build a Docker image.

  8. For the Argument, enter a command with the following parameters. For the Docker settings, use the example scripts.

    • vid: Veracode API ID.
    • vkey: Veracode API key.
    • action: name of the action to perform. Enter uploadandscan.
    • appname: name of an existing application profile you want to use for your application.
    • createprofile: optional. Create a new application profile for your application.
    • createsandbox: optional. Create a sandbox for this application.
    • sandboxname: optional. Name of the sandbox in which you want the scan to build.
    • filepath: filepath of the files you want to upload to Veracode for scanning. By default, Veracode uploads all the subdirectories and files of this filepath.
    • version: name or version of the build you want to scan.

    Example command for the Argument field in a Command task:

    -jar C:\{JavaWrapper_HomeFolder}\vosp-api-wrapper-java{version}.jar -vid ${bamboo.vid} -vkey ${bamboo.vkey} -action uploadandscan
    -appname {Your_Application_Name} -createprofile true -createsandbox true -sandboxname ${bamboo.shortPlanName} -filepath
    ${bamboo.build.working.directory}/*.{FileExtensionForCompiledApplication} -version ${bamboo.buildNumber}

  9. Review the configuration, then select Save.
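
The upload task described above, written as a pre-flight script that checks its inputs and keeps the API key out of the build log. This is an added example, not Veracode or Atlassian code; it assumes a Bamboo Script task on a Unix agent, where plan variables such as ${bamboo.vkey} reach the script as environment variables (bamboo_vkey), and JAVA_BIN is a hypothetical override used for dry runs.

```shell
#!/bin/sh
# Added example (not Veracode or Atlassian code). Assumes a Bamboo Script task
# on a Unix agent, where plan variables such as ${bamboo.vkey} are exported as
# environment variables named bamboo_vkey. JAVA_BIN is a hypothetical override.

# Exit non-zero unless credentials, build metadata, wrapper and artifact exist.
veracode_preflight() (
  jar=$1; artifact=$2
  for name in bamboo_vid bamboo_vkey bamboo_shortPlanName bamboo_buildNumber; do
    eval "val=\${$name:-}"
    if [ -z "$val" ]; then
      echo "preflight: $name is not set" >&2; exit 2
    fi
    case $val in
      *'${bamboo.'*) echo "preflight: $name was not substituted" >&2; exit 3 ;;
    esac
  done
  [ -f "$jar" ] || { echo "preflight: wrapper jar not found" >&2; exit 4; }
  [ -s "$artifact" ] || { echo "preflight: artifact missing or empty" >&2; exit 5; }
)

# Print an argument list on one line with the value after -vkey masked,
# so the API key never reaches the build log.
redact_args() (
  out=; mask=0
  for a in "$@"; do
    if [ "$mask" -eq 1 ]; then a='********'; mask=0; fi
    if [ "$a" = "-vkey" ]; then mask=1; fi
    out="$out${out:+ }$a"
  done
  printf '%s\n' "$out"
)

# Validate, log a redacted command line, then call the wrapper with the
# parameters listed on this page.
run_upload_and_scan() (
  jar=$1; appname=$2; artifact=$3
  veracode_preflight "$jar" "$artifact" || exit $?
  set -- -jar "$jar" -vid "$bamboo_vid" -vkey "$bamboo_vkey" \
    -action uploadandscan -appname "$appname" -createprofile true \
    -createsandbox true -sandboxname "$bamboo_shortPlanName" \
    -filepath "$artifact" -version "$bamboo_buildNumber"
  echo "running: java $(redact_args "$@")" >&2
  "${JAVA_BIN:-java}" "$@"
)
```

The wrapper still receives -vkey as a process argument, as in the example command above, so the key remains visible in the agent's process list while the scan runs.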