If you use the Veracode Software Composition Analysis agent with a CI tool that is behind a proxy, you must establish communication between the agent and your proxy server.
If your proxy performs TLS interception, you must provide
the certificate chain to the agent.
To enable agent-based scanning behind your proxy:
-
To make the Java virtual machine (JVM) aware of the root certificate, run the
appropriate command for your operating system:
- Linux or
Mac:
export SRCCLR_SSL_CERT_FILE="/path to certificate file/"
- Windows
PowerShell:
$env:SRCCLR_SSL_CERT_FILE='/path to certificate file/'
- Linux or
Mac:
-
To make the agent aware of the proxy, make one of these configurations:
- Set the https_proxy
environment
variable containing a URL that points to the proxy server. For
example:
- Linux or
Mac:
export https_proxy="http://127.0.0.1:8080"
- Windows
Powershell:
$env:https_proxy='http://127.0.0.1:8080'
- Linux or
Mac:
- Set the agent
configuration values relevant to proxy identification and
authentication, such as proxyHost and
proxyPort, in ~/.srcclr/agent.yml
or in another YML configuration file defined with the --config= option. Note: For example, include proxyHost: 127.0.0.1 and proxyPort: 8080 in ~/.srcclr/agent.yml
- Set the https_proxy
environment
variable containing a URL that points to the proxy server. For
example:
-
To complete the connection, run the appropriate command to establish
communication between the agent and the proxy server. For example:
- Linux or Mac:
curl -sSL https://download.sourceclear.com/ci.sh | env DEBUG=1 SRCCLR_SSL_CERT_FILE="/path to certificate file/" bash -s scan --skip-collectors "ant,npm"
- Windows
PowerShell:
$Client = New-Object -TypeName System.Net.WebClient $Client.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials $Script = $Client.DownloadString('https://download.sourceclear.com/ci.ps1') Invoke-Command -ScriptBlock ([scriptblock]::Create($Script)) -ArgumentList @('scan', '--skip-collectors', 'ant,npm')
Note: If you do not use the https_proxy environment variable or set proxyHost and proxyPort in ~/.srcclr/agent.yml, you must include '--config=/path to configuration file/' in this command. - Linux or Mac: