Enable Pull Requests for GitLab

Veracode Software Composition Analysis

To use automatic pull requests for Veracode Software Composition Analysis agent-based scanning, you need permission to create pull requests in GitLab.

To get permission to create pull requests:

  1. Go to GitLab.com.
  2. If prompted, enter your GitLab credentials to log in.
  3. On the Personal Access Tokens page, enter a token name.
  4. Select the api checkbox.
  5. Click Create personal access token.
  6. After generating the token, copy it to your clipboard and save it to a safe location.
    Note: After leaving the page, you can no longer access the token.
  7. Add your token using one of these methods:
    • Add this code to the agent.yml file installed in your ~/.srcclr folder:
      scmType: GITLAB
      scmToken: <token copied in earlier step>
    • Set the token as an environment variable in your CI/CD settings or in a command script. For example, add this code in Linux bash:
      export SRCCLR_SCM_TYPE="GITLAB"
      export SRCCLR_SCM_TOKEN="<token copied in earlier step>"
  8. If you are using an installation of GitLab other than GitLab.com, add your project URL using one of these methods:
    • Add the project URL to the agent.yml file installed in your ~/.srcclr folder:
      scmUrl: https://gitlab.acme.io
    • Set the project URL as an environment variable in your CI/CD settings.
    • Set the project URL as an environment variable in a command script. For example, add this code in Linux bash:
      export SRCCLR_SCM_URL=https://gitlab.acme.io
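
One way to carry out steps 7 and 8 so that the stored token is readable only by your own user, shown as an added example that is not Veracode's own code. The function names write_scm_config and token_file_is_private are hypothetical; the token and URL are read from the SRCCLR_SCM_TOKEN and SRCCLR_SCM_URL variables shown above.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of the agent.
# Usage: write_scm_config "$HOME/.srcclr"   (with SRCCLR_SCM_TOKEN exported)

# Succeeds only if group and others have no access to the file.
token_file_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# write_scm_config DIR: store the GitLab settings in DIR/agent.yml.
# Reads SRCCLR_SCM_TOKEN (required) and SRCCLR_SCM_URL (optional).
write_scm_config() {
    local dir="$1" file="$1/agent.yml" tmp old_umask
    if [ -z "${SRCCLR_SCM_TOKEN:-}" ]; then
        echo "SRCCLR_SCM_TOKEN is not set" >&2
        return 1
    fi
    # The token is sent to this host, so refuse anything but HTTPS.
    case "${SRCCLR_SCM_URL:-}" in
        "" | https://*) ;;
        *) echo "SRCCLR_SCM_URL must start with https://" >&2; return 1 ;;
    esac
    old_umask="$(umask)"
    umask 077                      # new directory 0700, new file 0600
    mkdir -p "$dir" || { umask "$old_umask"; return 1; }
    tmp="$(mktemp "$dir/agent.yml.XXXXXX")" || { umask "$old_umask"; return 1; }
    umask "$old_umask"
    # Keep unrelated settings; drop any previous SCM keys.
    if [ -f "$file" ]; then
        grep -Ev '^(scmType|scmToken|scmUrl):' "$file" > "$tmp" || true
    fi
    # printf is a shell builtin, so the token never appears in `ps` output.
    {
        printf 'scmType: GITLAB\n'
        printf 'scmToken: %s\n' "$SRCCLR_SCM_TOKEN"
        if [ -n "${SRCCLR_SCM_URL:-}" ]; then
            printf 'scmUrl: %s\n' "$SRCCLR_SCM_URL"
        fi
    } >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$file"   # atomic replace, mode 0600
}
```

Run token_file_is_private ~/.srcclr/agent.yml afterwards, or on an agent.yml you edited by hand, to confirm that no other local account can read the token.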