Enable agent-based scanning behind a proxy
If you use the Veracode Software Composition Analysis agent with a CI tool that is behind a proxy, you must establish communication between the agent and your proxy server.
Before you begin:
- If your proxy performs TLS interception, you must provide the certificate chain to the agent.
- If your Veracode account is in the United States Federal Region, running the SCA agent behind a proxy server is not supported. See Setting Up Agent-Based Scans for details.
To complete this task:
- To make the Java virtual machine (JVM) aware of the root certificate, run the appropriate command for your operating system:
  - Linux or Mac:
    export SRCCLR_SSL_CERT_FILE="/path to certificate file/"
  - Windows PowerShell:
    $env:SRCCLR_SSL_CERT_FILE='/path to certificate file/'
- To make the agent aware of the proxy, make one of these configurations:
  - Set the https_proxy environment variable to a URL that points to the proxy server. For example:
    - Linux or Mac:
      export https_proxy="http://127.0.0.1:8080"
    - Windows PowerShell:
      $env:https_proxy='http://127.0.0.1:8080'
  - Set the agent configuration values relevant to proxy identification and authentication, such as proxyHost and proxyPort, in ~/.srcclr/agent.yml or in another YML configuration file defined with the --config= option. For example, include proxyHost: 127.0.0.1 and proxyPort: 8080 in ~/.srcclr/agent.yml.
- To complete the connection, run the appropriate command to establish communication between the agent and the proxy server. For example:
  - Linux or Mac:
    curl -sSL https://sca-downloads.veracode.com/ci.sh | env DEBUG=1 SRCCLR_SSL_CERT_FILE="/path to certificate file/" bash -s scan --skip-collectors "ant,npm"
  - Windows PowerShell:
    $Client = New-Object -TypeName System.Net.WebClient
    $Client.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
    $Script = $Client.DownloadString('https://sca-downloads.veracode.com/ci.ps1')
    Invoke-Command -ScriptBlock ([scriptblock]::Create($Script)) -ArgumentList @('scan', '--skip-collectors', 'ant,npm')
  Important: If you do not use the https_proxy environment variable or set proxyHost and proxyPort in ~/.srcclr/agent.yml, you must include '--config=/path to configuration file/' in this command.
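A preflight check for the settings in the steps above, run before the scan command. This is an added example, not part of the Veracode documentation or the agent. The function names are this example's own, and it assumes proxyHost and proxyPort appear as top-level "key: value" lines in the YML file.

```shell
#!/bin/sh
# Added example (not Veracode code): preflight checks for the proxy setup.
# Assumption: proxyHost/proxyPort are top-level "key: value" lines in the YML.

# cert_file_ok FILE: succeeds if FILE is readable and contains at least one
# PEM certificate with matching BEGIN/END markers (catches DER or wrong paths).
cert_file_ok() {
    [ -r "$1" ] || return 1
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -ge 1 ] && [ "$begins" -eq "$ends" ]
}

# yml_value KEY FILE: prints the value of the first top-level "KEY: value" line.
yml_value() {
    [ -r "$2" ] || return 0
    sed -n "s/^$1:[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$2" | tr -d "\"'" | head -n 1
}

# proxy_source [CONFIG]: prints where the proxy settings will come from, in the
# order the page gives: https_proxy, then proxyHost and proxyPort in
# ~/.srcclr/agent.yml, then a file that has to be passed with --config=.
proxy_source() {
    default_cfg="${HOME}/.srcclr/agent.yml"
    if [ -n "${https_proxy:-}" ]; then
        echo "env"
    elif [ -n "$(yml_value proxyHost "$default_cfg")" ] &&
         [ -n "$(yml_value proxyPort "$default_cfg")" ]; then
        echo "default-config"
    elif [ -n "${1:-}" ] && [ -n "$(yml_value proxyHost "$1")" ] &&
         [ -n "$(yml_value proxyPort "$1")" ]; then
        echo "needs --config=$1"
    else
        echo "none"; return 1
    fi
}

# Constructed sample input: a stub PEM file and a proxy config in a temp dir.
demo() (
    d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$d/chain.pem"
    printf 'proxyHost: 127.0.0.1\nproxyPort: 8080\n' > "$d/proxy.yml"
    unset https_proxy; HOME="$d"
    cert_file_ok "$d/chain.pem" && proxy_source "$d/proxy.yml"
)
demo
```

In a real pipeline, call `cert_file_ok "$SRCCLR_SSL_CERT_FILE"` and `proxy_source /path/to/config.yml` before the scan step and fail the job when either returns non-zero.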