Skip to main content

Manually install an ISM endpoint

If you are running your endpoint on a machine other than Windows or Linux, or you choose not to use the ISM endpoint installer, you can manually install the endpoint.

You must deploy the endpoint to a location accessible to the web applications or REST APIs you want to scan or the analysis fails.

Thee following tasks continues from either step 6 of Configure Internal Scanning or step 6 of Add Endpoint to Gateway.

To complete this task:

  1. Select Download to download the ZIP file containing the endpoint.

  2. Move the ZIP file to a machine behind your firewall with access to your internal applications or REST APIs.

  3. Extract the ZIP file.

  4. Start the endpoint JAR file from the command line with the appropriate commands for your proxy configuration. You can also copy the following commands from the Set Up Your Environment window:

    • If you are not using a web proxy to access the internet:

      java -jar Veracode_ISM_Endpoint_{yourendpointname}.jar
    • If you are using an unauthenticated web proxy:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar 
    • If you are using an authenticated web proxy, launch the endpoint:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar --authenticate
    • After launching the endpoint for an authenticated web proxy, run the endpoint:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar
    • If you only want to use the web proxy for communication between the endpoint and gateway:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar --proxygatewayonly
  5. Select Close.

    The new gateway and endpoint now appear on the Internal Scanning Management page.

    If the endpoint fails to connect to the gateway, your organization may need to add the gateway IP address or domain name to your allowlist. The IP address and domain are visible from the Internal Scanning Management page and the gateway page.

    The gateway may have a status of Initializing for a few minutes after you create it. The endpoint has a status of Pending until you successfully deploy it. When you successfully deploy the endpoint, it has a status of Ready.

Next steps:

You can now create the following Dynamic Analyses for internal scanning: