Skip to main content

Manually Install an Endpoint

If you are running your endpoint on a machine other than Windows or Linux, or you choose not to use the ISM endpoint installer, you can manually install the endpoint.

You must deploy the endpoint to a location accessible to the web applications or REST APIs you want to scan or the analysis fails.

These steps continue from either step 6 of Configure Internal Scanning or step 6 of Add Endpoint to Gateway. Refer to those sections for the previous steps of this process.

To complete this task:

  1. Click Download to download the ZIP file containing the endpoint.

  2. Move the ZIP file to a machine behind your firewall with access to your internal applications or REST APIs.

  3. Extract the ZIP file.

  4. Start the endpoint JAR file from the command line with the appropriate commands for your proxy configuration. You can also copy the following commands from the Set Up Your Environment window:

    • If you are not using a web proxy to access the internet:

      java -jar Veracode_ISM_Endpoint_{yourendpointname}.jar
    • If you are using an unauthenticated web proxy:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar 
    • If you are using an authenticated web proxy, launch the endpoint:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar --authenticate
    • After launching the endpoint for an authenticated web proxy, run the endpoint:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar
    • If you only want to use the web proxy for communication between the endpoint and gateway:

      java -Dhttps.proxyHost={your_proxy_host} -Dhttps.proxyPort={your_proxy_port} -jar Veracode_ISM_Endpoint_{your_endpoint_name}.jar --proxygatewayonly
  5. Click Close.

    The new gateway and endpoint now appear on the Internal Scanning Management page.

    If the endpoint fails to connect to the gateway, your organization may need to add the gateway IP address or domain name to your allowlist. The IP address and domain are visible from the Internal Scanning Management page and the gateway page.

    The gateway may have a status of Initializing for a few minutes after you create it. The endpoint has a status of Pending until you successfully deploy it. When you successfully deploy the endpoint, it has a status of Ready.

Next steps:

After you have created the gateway, started the endpoint, and tested the gateway connection, you can configure a Veracode Dynamic Analysis for internal scanning.