Upload and scan files using Visual Studio 2015 and 2017
After using Veracode Static for Visual Studio to create a Veracode build of your application, you can upload the build to a new or existing application profile in your Veracode portfolio.
Before you begin:
Ensure you meet the prerequisites.
To complete this task:
-
In Visual Studio, select Extensions > Veracode Static > Upload and Scan.
-
If prompted, enter your API credentials. Select the checkbox to store your credentials so that you only have to enter them once.
-
In the Upload and Scan window, from the Application dropdown menu, select the application for which you want to upload binaries. To add an application, select Add Application and enter the required information such as policy control and organization information.
-
Complete all the fields in the Add Application window and select Save.
In the Upload and Scan window, the application you just added is preselected and the Create Scan window opens.
-
Select Create Scan.
-
In the Create Scan window, enter the name for the new scan and, optionally, the lifecycle stage.
-
Select Create.
-
In the Solution Files pane, select the solution files you want to upload.
noteFor web applications built on ASP.NET 3.0 Core and later, there is an executable that duplicates the artifacts included in the upload to the Veracode Platform. In your web application project, you must deselect the duplicate executable to exclude it from the upload, or you see an error and the Veracode Platform initiates a manual module selection.
-
If necessary, select any files in the Additional Files section that you also want to scan. The files can include additional application components that are not built in the solution, such as compiled files from another solution or components built in another language.
-
Select Upload.
You cannot upload binaries if Veracode is currently scanning an application. After the scan results are available, you can add more files.
Veracode expects the name of the uploaded file to be the same between scans of the same application. However, because filenames can change between builds of the same code, you can change the filename before uploading to keep the name consistent. If Veracode indicates that the filenames are not the same, select the New Filename column to rename the file, so that it matches the previous name for the same file.
- When prompted to confirm, select Yes to continue the upload.
- Select Yes to go directly to the Veracode prescan process after the upload completes. If you do not want the full scan to continue automatically, select No.
- Select Begin Prescan at the top of the Upload Files table.
Files you have previously uploaded to the selected scan already appear in the Uploaded Files section.
- When the prescan is complete, select View Prescan Results at the top of the Upload Files table.
Veracode notifies you when your scan is complete and results are available.
- At the prompt, select OK to start the prescan of the files when the upload has completed. If you select No, you must select the Start Prescan link on the Upload and Scan page.
After the prescan verification completes successfully, the scan begins automatically.
Results:
If there is an error during prescan:
- In the Upload and Scan window, select View Prescan Results.
- In the Prescan Verification Results window, select the files you want to scan.
- Select the modules that are independent components, which you need to scan in their entirety. Leave the checkboxes for third-party components or dependencies cleared.
- Select Yes to start the scan.
If you encounter an error when uploading a build, in Visual Studio, in the Options window, select Source Control > Environment. Then, verify that Saving and Editing are set to Check out automatically.