Enable agent-based scanning behind a proxy

If you use the Veracode Software Composition Analysis agent with a CI tool that is behind a proxy, you must establish communication between the agent and your proxy server.

Before you begin:

• If your proxy performs TLS interception, you must provide the certificate chain to the agent.
• If your Veracode account is in the United States Federal Region, running the SCA agent behind a proxy server is not supported. See Setting Up Agent-Based Scans for details.

To complete this task:

1. To make the Java virtual machine (JVM) aware of the root certificate, run the appropriate command for your operating system:

   • Linux or Mac:

     export SRCCLR_SSL_CERT_FILE="/path to certificate file/"

   • Windows PowerShell:

     $env:SRCCLR_SSL_CERT_FILE='/path to certificate file/'

2. To make the agent aware of the proxy, make one of these configurations:

   • Set the https_proxy environment variable containing a URL that points to the proxy server. For example:

     • Linux or Mac:

       export https_proxy="http://127.0.0.1:8080"

     • Windows Powershell:

       $env:https_proxy='http://127.0.0.1:8080'

   • Set the agent configuration values relevant to proxy identification and authentication, such as proxyHost and proxyPort, in ~.srcclragent.yml or in another YML configuration file defined with the --config= option.

     For example, include proxyHost: 127.0.0.1 and proxyPort: 8080 in ~/.srcclr/agent.yml.

3. To complete the connection, run the appropriate command to establish communication between the agent and the proxy server. For example:

   • Linux or Mac:

     curl -sSL https://sca-downloads.veracode.com/ci.sh | env DEBUG=1 SRCCLR_SSL_CERT_FILE="/path to certificate file/" bash -s scan --skip-collectors "ant,npm"

   • Windows PowerShell:

     $Client = New-Object -TypeName System.Net.WebClient
     $Client.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
     $Script = $Client.DownloadString('https://sca-downloads.veracode.com/ci.ps1')
     Invoke-Command -ScriptBlock ([scriptblock]::Create($Script)) -ArgumentList @('scan', '--skip-collectors', 'ant,npm')
   Important

   If you do not use the https_proxy environment variable or set proxyHost and proxyPort in ~/.srcclr/agent.yml, you must include '--config=/path to configuration file/' in this command.