Before you can install and use the Veracode Jenkins Plugin, you must meet these prerequisites and have a Veracode account with the required roles.
Starting with version 22.214.171.124 of the Veracode Jenkins Plugin, Veracode distributes the plugin as open source under an MIT license. You can download the plugin source code from GitHub. On the Jenkins Marketplace and in the Jenkins Plugin Manager, the plugin name is Veracode Scan.
Before you can install and use the Jenkins Plugins, you must have:
- Jenkins 2.60–2.332.4. Although there are additional Veracode Jenkins plugins available from the Jenkins server list of available plugins, Veracode only supports the Veracode-developed plugin available here.
- Java 8 or 11.
- Installed any dependencies on the Jenkins server. The Veracode Jenkins Plugin has a dependency on numerous plugins including the Jenkins Structs plugin and Jenkins Symbol Annotation plugin, as do most default installations of Jenkins. Newer versions of Jenkins automatically resolve these dependencies at the time of installation. If this fails, you must manually install the dependencies.
- Jenkins server has Internet connectivity.
- You have packaged the application code you plan to upload to Veracode for scanning to include the required debug symbols, as described in the packaging requirements. If you have a .NET application, you can use the Visual Studio extension to prepare your application. You can also automate the preparation of a .NET application by precompiling it with MSBUILD.
- Generated Veracode API credentials.
You must have one of these Veracode accounts:
- A user account with these roles:
- Creator or Security Lead role to be able to create application profiles, and upload and scan applications
- Submitter role to create a new scan for an existing application and upload and scan these applications
- Reviewer role to check scan completion
- An API service account with these roles:
- Upload API to create application profiles, create sandboxes, and upload and scan applications
- Upload API - Submit only to submit scans
- Results API to check scan completion