Skip to main content

Manually install an ISM endpoint

If you are running your endpoint on a machine other than Windows or Linux, or you choose not to use the ISM endpoint installer, you can manually install the endpoint.

You must deploy the endpoint to a location accessible to the web applications or REST APIs you want to scan or the analysis fails.

The following task continues from either step 6 of Configure Internal Scanning or step 6 of Add Endpoint to Gateway.

To complete this task:

  1. Select Download to download the ZIP file containing the endpoint.

  2. Move the ZIP file to a machine behind your firewall with access to your internal applications or REST APIs.

  3. Extract the ZIP file.

  4. Start the endpoint JAR file from the command line with the appropriate commands for your proxy configuration. You can also copy the following commands from the Set Up Your Environment window:

    • If you are not using a web proxy to access the internet:

      java -jar Veracode_ISM_Endpoint_{yourendpointname}.jar

    • If you are using an unauthenticated web proxy:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar

    • If you are using an authenticated web proxy, launch the endpoint:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar --authenticate

    • After launching the endpoint for an authenticated web proxy, run the endpoint:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar

    • If you only want to use the web proxy for communication between the endpoint and gateway:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar --proxygatewayonly

  5. Select Close.

    The new gateway and endpoint now appear on the Internal Scanning Management page.

    If the endpoint fails to connect to the gateway, your organization might need to add the gateway IP address or domain name to the allowlist. The IP address and domain are viewable on the Internal Scanning Management page and the gateway page.

    After creation, the gateway status displays as Initializing for a few minutes. The endpoint status remains Pending until deployment is complete. Once deployed, the status changes to Ready.

Proxy Exclusion List

The proxy exclusion list contains hosts that bypass the configured proxy. All other internet traffic routes through the proxy. After installing ISM, set up the proxy exclusion list.

To add or modify the proxy exclusion list:

  1. Open File Explorer, then go to the ISM Endpoint installation folder.
  2. Open the config folder.
  3. Open the application.properties file.
  4. Search for proxyExclusionList. If the entry exists, add the necessary proxies, separated by commas. If it doesn’t exist, create a new line and add proxyExclusionList followed by the necessary proxies, separated by commas (e.g., proxyExclusionList = veracode.com, *code.com).
  5. To save changes, select File > Save.

Next steps:

To continue, create one of the following Dynamic Analyses for internal scanning:

Last updated on