Before you can install and use the Veracode Jenkins Plugin, you must meet these prerequisites and have a Veracode account with the required roles.
Starting with version 188.8.131.52 of the Veracode Jenkins Plugin, Veracode distributes the plugin as open source under an MIT license. You can download the plugin source code from GitHub. On the Jenkins Marketplace and in the Jenkins Plugin Manager, the plugin name is Veracode Scans.
- Installed a supported version of Jenkins and Java listed in the Veracode-Authored Integrations page. Although there are additional Veracode Jenkins plugins available from the Jenkins server list of available plugins, Veracode only supports the Veracode-developed plugin available here.
- Installed any dependencies on the Jenkins server. The Veracode Jenkins Plugin has a dependency on numerous plugins including the Jenkins Structs plugin and Jenkins Symbol Annotation plugin, as do most default installations of Jenkins. Newer versions of Jenkins automatically resolve these dependencies at the time of installation. If this fails, you must manually install the dependencies.
- Jenkins server has Internet connectivity.
- You have packaged the application code you plan to upload to Veracode for scanning to include the required debug symbols, as described in the Packaging Guidance. If you have a .NET application, you can use the Veracode Visual Studio Extension to prepare your application. You can also automate the preparation of a .NET application by precompiling it with MSBUILD.
- Generated Veracode API credentials
You have one of these accounts:
A user account with these roles:
- Creator or Security Lead role to be able to create application profiles, and upload and scan applications
- Submitter role to create a new scan for an existing application and upload and scan these applications
- Reviewer role to check scan completion
An API service account with these API roles:
- Upload API to create application profiles, create sandboxes, and upload and scan applications
- Upload API - Submit only to submit scans
- Results API to check scan completion