Binding Veracode Credentials in Jenkins Pipeline Builds
You can use the Jenkins Credentials Binding plugin to bind your Veracode API credentials to environment variables in a Jenkins pipeline. You generate a script containing the bound environment variables, then add this script to your Jenkins pipeline script.
After binding your Veracode API credentials to the environment variables, Jenkins secretly uses the credentials saved in its credentials store. Only the bound environment variables appear in the Jenkins interface and logs instead of your Veracode API credentials.
Before you begin:
- You have installed and configured the Jenkins plugin.
- You have installed the latest Credentials Binding plugin from the Jenkins Plugin Index.
To complete this task:
In Jenkins, go to your pipeline project.
Click Pipeline Syntax to open the Snippet Generator.
From the Sample Step dropdown menu, select withCredentials: Bind credentials to variables.
In the Bindings section, select Add > Username and password (separated).
The Username and password (separated) section opens.
In the Username Variable and Password Variable fields, enter username and password variables. Your Veracode API credentials bind to these variables at runtime.
Do one of the following:
If the Veracode API credentials to which you want to bind the specified username and password variables are in the Jenkins credentials store, select them from the Credentials dropdown menu. Then, continue to Step 7.
If the Veracode API credentials to which you want to bind the specified username and password variables are not in the Jenkins credentials store, you must add the credentials:
a. To the right of the Credentials dropdown menu, select Add > Jenkins to open the Jenkins Credentials Provider window.
b. In the Username field, enter your API ID. In the Password field, enter your API key.
c. Optionally, enter values for the ID and Description fields.
d. Click Add to add the credentials to the Jenkins credentials store.
e. From the Credentials dropdown menu, select the credentials you added.
Click Generate Pipeline Script.
In the generated script, which is Apache Groovy code, the
withCredentialsstep contains the username variable, password variable, and, if specified, the credentials ID.
Copy the entire
withCredentials step and add it to your Jenkins pipeline script for Veracode scans.