Troubleshoot errors

This section helps you remedy common problems and understand how better to use Veracode APIs and integrations.

For assistance with errors you receive while compiling your application, see Troubleshooting precompilation errors.

If you cannot find the solution to your problem in this section, contact Veracode Technical Support.

Authentication

Issue

I have received one of these messages:

  • Received fatal alert: handshake_failure
  • Peer not authenticated error
  • System.Net.WebException was unhandled. Message=The request was aborted: Could not create SSL/TLS secure channel
  • OpenSSL::SSL::SSLError: Received fatal alert: handshake_failure
  • The underlying connection was closed: An unexpected error occurred on a send.
  • Could not create SSL/TLS secure channel

Solution

If you are using an integration that attempts to connect over TLS 1.0 or 1.1, you might receive one of these error messages. See Use TLS with Veracode integrations.

APIs and wrappers

This section helps you remedy common problems and understand how better to use Veracode APIs and wrappers.

Note: Veracode APIs and integrations require access to specific region domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.

API or wrapper: Any API or wrapper
Issue: I received an HTTP 401 or Access Denied error. I do not have access to the APIs or I am unsure what kind of access I need.
Solution:
  • You must have a Veracode account with the required API roles assigned by your Veracode administrator.
  • Ensure your Veracode API credentials are valid and have not expired. You can generate new credentials in the Veracode Platform.

API or wrapper: Any API
Issue: I cannot log in to Veracode when using the APIs.
Solution:
  • Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.
  • Verify that your IP address is in the list or range of addresses in the Allowed IP Addresses field of your user account login settings. If the IP range is set incorrectly, edit the Allowed IP Addresses field to include the IP address of the location of your login.

API or wrapper: Any API
Issue: The scan stopped after prescan.
Solution: To determine why a scan that started from an API failed after prescan, review the response code returned from beginscan.do. When your script calls beginscan.do, the API returns a status code that confirms the scan successfully started, or provides an error message to explain why the scan did not start.

API or wrapper: Any API
Issue: I received cURL error 35.
Solution: If you receive the cURL error 35: Unknown SSL protocol error in connection to ..., you need to update your version of cURL. Alternatively, you can pass the option -3, which forces cURL to use SSL version 3 when negotiating with a remote SSL server. Updating cURL is the preferred fix, because SSL version 3 predates TLS 1.0 and 1.1, which the Authentication section above lists as a cause of handshake failures.

API or wrapper: Any wrapper
Issue: I received a message that displays missing mandatory parameters.
Solution: Provide all mandatory parameters in your call. If you do not provide all mandatory parameters, the wrapper returns the missing mandatory parameters in your console.

API or wrapper: Any wrapper
Issue: I cannot connect to Veracode through my proxy.
Solution: If your organization uses a proxy for outbound connections, provide this information to the wrapper to successfully connect to Veracode.

API or wrapper: Archer API
Solution: See GRC integrations.

API or wrapper: Dynamic Analysis API
Issue: I need to open a support case with Veracode Technical Support.
Solution: Provide this information to Veracode Technical Support:
  • API call you are trying to make.
  • Response error code. For example, 201 or 401.
  • Response body from the call.
  • Description of the error you receive.
  • The username and API ID for the account.
  • API ID.
  • Whether the API call is programmatic or by an application like Postman. If an application is calling the API, then provide the name of the application.

API or wrapper: Java API wrapper or Veracode Jenkins Plugin, or TeamCity Plugin
Solution: See CI/CD integrations.

API or wrapper: Java API wrapper
Issue: I experience a PKIX path building failure when installing the plugin from Eclipse.
Solution: Add these lines to the eclipse.ini file in your Eclipse installation directory:
-vmargs
-Djavax.net.ssl.trustStore="path for cacerts"
-Djavax.net.ssl.trustAnchors="path for cacerts"

API or wrapper: Flaw Report API
Issue: I see HTTP status code 204 when I try to call downloadflawreport.do.
Solution: If you try to call downloadflawreport.do before generateflawreport.do has completed, you receive HTTP status code 204 to indicate no content is available. Try to download the report at a later time. After an excessively long time, if the Veracode Platform does not return the report, contact Veracode Technical Support.

API or wrapper: Results API
Issue: The getappbuilds.do call is slow to deliver information.
Solution: Veracode recommends that you use getapplist.do to generate a list of all applications and getbuildlist.do to generate a list of all builds for an application. You can then use getappinfo.do and getbuildinfo.do to retrieve the information about specific applications and builds.

API or wrapper: Upload API
Issue: I do not know if the prescan is complete or successful.
Solution: To check the prescan results in the Upload API, call getprescanresults.do.

API or wrapper: Upload API
Issue: My scan does not complete due to non-fatal errors.
Solution: If you want to ensure the scan completes even though there are non-fatal errors such as unsupported frameworks, ensure you use the scan_all_top_level_modules parameter when you use the beginscan.do call.

API or wrapper: Upload API
Issue: I received a fatal error after prescan, which is preventing my static analysis from starting automatically.
Solution: Before the next time your static analysis is scheduled to start automatically, you need to:
  1. Review the prescan results to identify the modules that have fatal errors.
  2. Resolve the errors.
Optionally, if you do not want to resolve the errors, you can:
  1. Update your uploaded files to remove the modules that have errors.
  2. Start the analysis manually.
If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.

API or wrapper: Any Plugin, Any API
Issue: When using either a Veracode plugin, the Veracode API wrappers, or a custom script, I see this returned in the output text: App not in state where new builds are allowed.
Solution: This message indicates that a previous static scan did not succeed for the specific application. Log into the Veracode Platform and review the application's current scans to determine if the previous scan did not successfully complete. A previous scan may still be in progress. If a previous scan is still running due to an error, select Delete. You can then use the plugin to submit a new scan request.

API or wrapper: Any Plugin, Any API
Issue: I receive an error when an API or integration attempts to access Veracode.
Solution: Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.

API or wrapper: Any wrapper or plugin
Issue: The following messages appear in the console output:
  • Error: Unable to start a scan.
  • Error: Module list must contain only top-level module ids for the scan.
Solution: Ensure the include parameter is applied only to the intended top-level modules for scanning, and not to unintended dependency modules with similar names.

To check for top-level modules and see which modules are available for selection from the API, run getprescanresults.do.
Resource URL: https://analysiscenter.veracode.com/api/5.0/getprescanresults.do.
The getprescanresults.do call returns the prescanresults XML document, which you can check for each module. To identify top-level modules, look for is_dependency="false", and for non-selectable dependencies, look for is_dependency="true".
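
The module check described above, as an added example that is not Veracode code: it parses a prescanresults document and reports which modules a given include value would select, flagging matches that are dependencies rather than top-level modules. Apart from is_dependency, the attribute names (id, name, has_fatal_errors), the sample XML with its namespace, and the comma-separated glob matching of include patterns are assumptions made for this illustration.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample, not real scan output. Only is_dependency is documented
# on this page; the namespace and the id, name and has_fatal_errors
# attributes are assumptions made for this example.
SAMPLE_PRESCAN_XML = """<prescanresults xmlns="urn:example:prescanresults" app_id="1001" build_id="2002">
  <module id="11" name="shop-web.war" has_fatal_errors="false" is_dependency="false"/>
  <module id="12" name="shop-api.jar" has_fatal_errors="true" is_dependency="false"/>
  <module id="13" name="shop-api-client-1.4.jar" has_fatal_errors="false" is_dependency="true"/>
  <module id="14" name="commons-lang3-3.12.0.jar" has_fatal_errors="false" is_dependency="true"/>
</prescanresults>
"""


def parse_modules(xml_text):
    """Return one dict per <module> element, ignoring any XML namespace."""
    modules = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "module":
            continue
        modules.append({
            "id": el.get("id"),
            "name": el.get("name", ""),
            # Top-level only when is_dependency is exactly "false"; a missing
            # or unexpected value is treated as a dependency (not selectable).
            "is_dependency": el.get("is_dependency", "").strip().lower() != "false",
            "has_fatal_errors": el.get("has_fatal_errors", "").strip().lower() == "true",
        })
    return modules


def check_include(modules, include):
    """Classify the modules matched by a comma-separated list of glob patterns.

    Assumption: patterns are matched against module names with shell-style
    wildcards (* and ?), case-sensitively.
    """
    patterns = [p.strip() for p in include.split(",") if p.strip()]
    report = {"top_level": [], "dependency_hits": [], "fatal": [], "unmatched": []}
    seen = set()
    for pattern in patterns:
        hits = [m for m in modules if fnmatch.fnmatchcase(m["name"], pattern)]
        if not hits:
            # A pattern that selects nothing usually means a typo or a
            # module that was not part of the upload.
            report["unmatched"].append(pattern)
        for module in hits:
            if module["name"] in seen:
                continue
            seen.add(module["name"])
            if module["is_dependency"]:
                # These matches are what trigger "Module list must contain
                # only top-level module ids for the scan."
                report["dependency_hits"].append(module["name"])
            else:
                report["top_level"].append(module["name"])
                if module["has_fatal_errors"]:
                    report["fatal"].append(module["name"])
    return report


if __name__ == "__main__":
    mods = parse_modules(SAMPLE_PRESCAN_XML)
    for value in ("shop-api*", "shop-web.war, shop-api.jar"):
        result = check_include(mods, value)
        print(f"include={value!r}")
        print("  top-level modules :", result["top_level"])
        print("  dependency matches:", result["dependency_hits"])
        print("  fatal errors      :", result["fatal"])
        print("  unmatched patterns:", result["unmatched"])
```

In the sample, the pattern shop-api* also matches the dependency shop-api-client-1.4.jar, which is the similar-name case the solution warns about; naming the top-level modules exactly avoids it.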

SCM integrations

Product: Veracode Azure DevOps Extension
Issue: I am receiving upload errors for my Azure DevOps builds.
Solution: To resolve the upload errors, you have these options:
  • Before uploading to Veracode, add the folder containing the files you want to scan to a ZIP archive. The ZIP archive suppresses errors due to unsupported file types.
  • After prescan, resolve any fatal errors:
    1. Review the prescan results to identify the modules that have fatal errors.
    2. Resolve the errors.
    Optionally, if you do not want to resolve the errors, you can:
    1. Update your uploaded files to remove the modules that have errors.
    2. Start the analysis manually.
    If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.
  • Ensure your binaries are in the default location, or modify the default location system variable $(build.artifactstagingdirectory) if you require your files to be in a different location. For example, if your files have a different pathname and are in a bin folder, you can modify your system variable to look like this: $(build.sourcesdirectory)pathname/bin.
Microsoft provides pipeline build steps for creating a folder with only the files that Veracode requires for scanning. See the Copy Files task and Delete Files task in the Azure pipeline documentation.

Product: Veracode Azure DevOps Extension
Issue: I selected the Veracode Scan Summary tab in Azure DevOps to view scan results and see the message Veracode is taking longer than expected to load.
Solution: Clear your browser cache. Then, select the Veracode Scan Summary tab again.

CI/CD integrations

Product: Veracode Jenkins Plugin
Issue: I receive one of these messages:
  • An app_id could not be located for application profile
  • Access denied
Solution:
  • Check the Veracode user role for the logged-in account to verify that you have a role with permissions to create an application profile, such as Upload API for API service accounts or Creator for user accounts.
  • Confirm that the Veracode application profile for the specified application name is visible by the specified teams who have access to this application and its scan results.

Product: Veracode Jenkins Plugin
Issue: This message appears in the console output: The policy status 'Did Not Pass' is not passing. Unable to continue.
Solution: This message indicates that you selected the Wait for scan to complete checkbox in your job configuration and the scan failed to pass your policy. If you want builds for scans that fail policy to complete, you must deselect that checkbox.

Product: Veracode Jenkins Plugin
Issue: The test connection action fails. There is no success message.
Solution:
- Verify that your Jenkins server has internet connectivity.
- Check outside of the Jenkins plugin environment to verify if the server the Jenkins tool is running on has internet connectivity. To determine connectivity, download and run the Java API wrapper on the same machine the Jenkins tools are running on to test for internet connectivity.
- Verify the proxy settings to see if a proxy is required.
- If a proxy is not required, you can test for an external internet connection with a cURL command and running, for example, the getapplist.do call.
- Veracode APIs and integrations require access to analysiscenter.veracode.com and api.veracode.com. Contact your IT team to ensure these domains are on the allowlist for your organization and that there is one-way communication on port 443 to api.veracode.com. Refer to the complete list of domains and IP addresses to add to your allowlist.
- Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.

Product: Veracode Jenkins Plugin
Issue: I see this message: Unknown vid and vkey.
Solution: See step 23.

Product: Veracode Jenkins Plugin or Java API wrapper
Issue: I see this message: Requested array size exceeds VM limit.
Solution: This error indicates you are attempting to upload an archive that is too large for the current limit (in GB). Check the content and size of the files or archives you are uploading to verify you are using the correct files.

Product: Veracode Jenkins Plugin or Java API wrapper
Issue: I see this message:
[16.01.11 14:28:39] java/net/HttpURLConnection.setFixedLengthStreamingMode(J)V Build step Upload and Scan with Veracode marked build as failure Finished: FAILURE
Solution: This message indicates that the Java version you are using is not Java 7 or later. The Veracode Jenkins Plugin and the Veracode Java API wrapper require Java 7 or later.

Product: Veracode Azure DevOps Extension
Issue: I am receiving upload errors for my Azure DevOps builds.
Solution: To resolve the upload errors, you have these options:
  • Before uploading to Veracode, add the folder containing the files you want to scan to a ZIP archive. The ZIP archive suppresses errors due to unsupported file types.
  • After prescan, resolve any fatal errors:
    1. Review the prescan results to identify the modules that have fatal errors.
    2. Resolve the errors.
    Optionally, if you do not want to resolve the errors, you can:
    1. Update your uploaded files to remove the modules that have errors.
    2. Start the analysis manually.
    If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.
  • Ensure your binaries are in the default location, or modify the default location system variable $(build.artifactstagingdirectory) if you require your files to be in a different location. For example, if your files have a different pathname and are in a bin folder, you can modify your system variable to look like this: $(build.sourcesdirectory)pathname/bin.
Microsoft provides pipeline build steps for creating a folder with only the files that Veracode requires for scanning. See the Copy Files task and Delete Files task in the Azure pipeline documentation.

Product: Veracode Azure DevOps Extension
Issue: I selected the Veracode Scan Summary tab in Azure DevOps to view scan results and see the message Veracode is taking longer than expected to load.
Solution: Clear your browser cache. Then, select the Veracode Scan Summary tab again.

Product: Veracode Pipeline Scan
Issue: I received an error code message.
Solution: Try these resolutions for each error code:
- 401: Unauthenticated. The API credentials may be expired. If they are not expired, verify the API credential ID and key you use in the pipeline match the generated credentials. They cannot contain extra spaces.
- 403: Unauthorized. Check that the user accounts have Security Lead, Creator, and Submitter roles. Ensure the API user account credentials have Upload and Scan API or Upload API - Submit Only roles.
- 429: Throttled. The API credentials were submitted for more than six scans in the last one minute. Try again after a short delay.
- 50x: Server side problems. This can be a problem with AWS or with Veracode services. Check the Veracode service status dashboards for details. For example, if the Identity Service is not working, then Pipeline Scan also does not work.

Product: Veracode Pipeline Scan
Issue: I need to open a support case with Veracode Technical Support.
Solution: Provide this information to Veracode Technical Support:
- Pipeline Scan version
- Java version
- Platform application name and the URL of the application
- Build logs
- Debug logs

Product: Veracode Pipeline Scan
Issue: I see a PKIX error as a result of this SSL error:
PIPELINE-SCAN ERROR: CREATE FAILURE: Error executing HTTP request. Error was: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
PIPELINE-SCAN ERROR: The scan failed to complete: there are no results to analyze.
Solution: Review the instructions for importing SSL certificates.

GRC integrations

Issue: Invalid IP address range.
Solution: Ensure that you are attempting to connect from an IP address that is allowed by the IP address restrictions for the login you are using. Ensure you have added the required domains for your Veracode account to the allowlist for your organization. Refer to the complete list of domains and IP addresses to add to your allowlist.

Issue: Invalid login type.
Solution: Ensure that you are providing credentials for an API class login with the Archer API role.

Issue: Invalid or null token.
Solution: Each login account is limited to using five tokens at a time to download Archer reports. The last five generated tokens are valid. All tokens expire after 30 days whether they are used or not. Using invalid tokens returns HTTP status code 403.

Issue: Incorrect date format.
Solution: Ensure the date format for the date_from and date_to fields is dd-mm-yyyy.

Issue: The report is not ready.
Solution: If you try to call downloadarcherreport.do before generatearcherreport.do has completed, you receive HTTP status code 204 to indicate no content is available. Try to download the report at a later time. After an excessively long time, if the Veracode Platform does not return the report, contact Veracode Technical Support.

Issue: The results file is too large.
Solution: When attempting to fetch the Archer feed for a large number of applications at the same time, the Veracode Platform may return HTTP status code 500. Veracode recommends that you fetch the data using the optional arguments for the Archer API to limit the scope of the data being pulled, for example using scan_type or a date range. After all the historical data is in place, use one of these period arguments to pull data on a scheduled basis: yesterday, last_week, or last_month.
Alternatively, you can use the asynchronous calls generatearcherreport.do and downloadarcherreport.do.

Greenlight plugins

Issue: I am having trouble signing on or managing users.
Solution: Review Managing users.

Issue: I am having trouble generating an API ID.
Solution: Review About API credentials.

Issue: I do not know on which IDE to install Greenlight.
Solution: See the supported IDEs.

Issue: I need to open a support case with Veracode Technical Support.
Solution: Provide this information to Veracode Technical Support:
  • Your IDE. For example, Eclipse, IntelliJ, or Visual Studio.
  • Your IDE version.
  • Your Veracode Greenlight version.
  • If you are scanning at the file level or the project level.
  • The programming language of the application you are trying to scan.
  • The size of the file you are trying to scan.
  • Whether auto-scan is on or off.
  • A list of third-party plugins, such as Sonar Lint, you use for code analysis.
  • A Greenlight debug log for your IDE. Before you can see debug logs, ensure you enable debug logs for your IDE.

IDE plugins and extensions

Product: Veracode Static for Eclipse
Issue: I experience a PKIX path building failure when installing the plugin from Eclipse.
Solution: Add the following lines to the eclipse.ini file in your Eclipse installation directory:
-vmargs
-Djavax.net.ssl.trustStore="path for cacerts"
-Djavax.net.ssl.trustAnchors="path for cacerts"

Product: Veracode Static for Eclipse
Issue: I cannot install Veracode Static for Eclipse for a new integration.
Solution:
1. Ensure you install the latest version of the plugin.
2. Ensure you meet the prerequisites.
3. Ensure your Java version is 1.8 or later.
4. Provide the following information to Veracode Technical Support:
- Eclipse version.
- Veracode Static for Eclipse plugin version.
- Screenshots of your errors.
- Eclipse IDE log.
- The workspace log file.
- Proxy settings screenshot if the issue is with your proxy.
- Whether this is a user account or API service account.
- If you are using an API ID and key.
- The user roles, team membership, and the application name.

Product: Veracode Static for IntelliJ
Issue: I cannot install Veracode Static for IntelliJ for a new integration.
Solution:
1. Ensure you are using the latest version of Veracode Static for IntelliJ.
2. Ensure you meet the prerequisites.
3. Ensure your Java version is 1.8 or later.
4. Provide the following information to Veracode Technical Support:
- Logs and diagnostics data in a ZIP file.
- Screenshots of your errors.
- Whether this is a user account or API service account.
- If you are using an API ID and key.
- The user roles, team membership, and the application name.

Product: Maven Build Script
Issue: This message appears: java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl
Solution: The IBM WebSphere environment may prevent a Veracode UploadandScan target from executing if the Maven build script dependencies with the Java class path are missing. To resolve this, generate two pom.xml scripts, using one specifically for the Veracode upload.

Product: Veracode Static for Visual Studio
Issue: I received this download error: No applications exist for the specified user's account.
Solution: Using the Visual Studio Veracode menu, you may have attempted to download results after selecting a specific application for which you do not have permission to access. You must be a member of each team associated with an application to be able to access that application data.

Product: Veracode Static for Visual Studio
Issue: The Upload Build menu does not populate the Application dropdown list or allow me to complete the Build text box.
Solution: This message indicates that you do not have the required role to either create a new application or build.

Product: Veracode Static for Visual Studio
Issue: I receive this message: Support Issue: No precompiled files were found for this ASP.NET web application.
Solution: Use the Veracode Static for Visual Studio to prepare your .NET application for uploading to Veracode. For information about this extension, see Using Veracode Static for Visual Studio.

Product: Veracode Static for Visual Studio
Issue: I ran a scan from within Visual Studio and downloaded the scan results. Then, I selected Veracode Static > View Results. The Results window is empty.
Solution: If you are using Visual Studio 2019 with .NET Framework version 4.8, you must clear an option in Visual Studio to ensure the downloaded scan results display in the Results window. Otherwise, the Results window might be empty.
See Configure Visual Studio 2019 to display scan results.
After configuring Visual Studio, you can select Veracode Static > View Results to view the scan results in the Results window.

Product: Veracode Static for Visual Studio
Issue: Upload and Scan fails to complete automatically.
Solution: For web applications built on ASP.NET 3.0 Core and later, there is an executable that duplicates the artifacts included in the upload to the Veracode Platform. In your web application project, you must deselect the duplicate executable to exclude it from the upload, or you see an error and the Veracode Platform initiates a manual module selection.

Product: Veracode Static for Visual Studio
Issue: I need to open a support case with Veracode Technical Support.
Solution: Provide the following information to Veracode Technical Support:
- Your IDE version.
- Your Veracode Static for Visual Studio version.
- If you are scanning at the file level or the project level.
- The programming language of the application you are trying to scan.
- The size of the file you are trying to scan.
- If autoscan is on or off.
- A list of third-party plugins, such as Sonar Lint, you use for code analysis.
- Precompilation output. If your application is a web application, then select the Use legacy precompilation method checkbox on the Precompilation page in the Veracode Visual Studio Extension Options.
- If your application is built with the .NET Core framework, then provide a zipped folder of the Visual Studio log and name your ZIP file in this format: C:\Users\UserName\AppData\Local\Microsoft\VisualStudio\VisualStudioVersion#\Extensions\somefolder\Log\veracode_YYYYMMDD.log. These are the corresponding Visual Studio version numbers: 11 = VS 2012, 12 = VS 2013, 14 = VS 2015, 15 = VS 2017, and 16 = VS 2019.
In the Visual Studio log path, the VisualStudioVersion# is in the format of 15.0_8ea552db for Visual Studio 2017 and later, and there might be multiple folders with that format. Because you can do side-by-side installs with Visual Studio 2017 and later, each install creates a new random sequence after the version number.

Software Composition Analysis

Issue

I need to open a support case with Veracode Technical Support.

Solution

Provide this information to Veracode Technical Support:

  • The package manager and version you are using.

  • The agent CLI, CI, and plugins you use for scanning, and their versions.

  • The environment variables, flags, and directives you use for scanning.

  • Your debug logs, which you can get with any of these commands:

    • In your terminal: srcclr scan --debug
    • In a CI: curl -sSL https://sca-downloads.veracode.com/ci.sh | DEBUG=1 bash
    • In a CI: export DEBUG=1; curl -sSL https://sca-downloads.veracode.com/ci.sh | bash
  • The project you are scanning with the correct directory structure.

  • The command you use to start the scan and answers to these questions:

    • Was your scan only a SRCCLR scan or did you use other environment variables?
    • Did you use a CI script to perform the scan?

Issue tracking integrations

Product: Veracode Integration for Jira
Issue: I cannot install or configure Veracode Integration for Jira.
Solution: You need the Jira administrator role to install and configure Veracode Integration for Jira.

Product: Veracode Integration for Jira
Issue: I installed Veracode Integration for Jira but it is not working.
Solution: Ensure the API user has the Results API user role assigned. Then, associate Veracode fields with project screens in Jira or associate Veracode fields with project screens in Jira Cloud.

Product: Veracode Integration for Jira
Solution: If you need to troubleshoot any issues, enable debug logging in Jira. The location of the Jira logs depends on the Jira installation location. For example:
  • On Linux: /opt/atlassian/jira/logs/catalina.out
  • On Windows: C:\Program Files (x86)\Atlassian\Application Data\Jira\log\atlassian-jira.log
Enable logging in Jira and set the logging level to DEBUG. After completing any debugging, ensure you change the logging level from DEBUG back to its usual level, such as INFO, and restart Jira.