Enable Agent-Based Scanning Behind a Proxy
If you use the Veracode Software Composition Analysis agent with a CI tool that is behind a proxy, you must establish communication between the agent and your proxy server.
Before you begin:
If your proxy performs TLS interception, you must provide the certificate chain to the agent.
To complete this task:
To make the Java virtual machine (JVM) aware of the root certificate, run the appropriate command for your operating system:
Linux or Mac:
export SRCCLR_SSL_CERT_FILE="/path to certificate file/"Windows PowerShell:
$env:SRCCLR_SSL_CERT_FILE='/path to certificate file/'
To make the agent aware of the proxy, make one of these configurations:
Set the
https_proxyenvironment variable containing a URL that points to the proxy server. For example:Linux or Mac:
export https_proxy="http://127.0.0.1:8080"Windows Powershell:
$env:https_proxy='http://127.0.0.1:8080'
Set the agent configuration values relevant to proxy identification and authentication, such as
proxyHostandproxyPort, in~.srcclragent.ymlor in another YML configuration file defined with the--config=option.For example, include
proxyHost: 127.0.0.1andproxyPort: 8080in~/.srcclr/agent.yml.
To complete the connection, run the appropriate command to establish communication between the agent and the proxy server. For example:
Linux or Mac:
curl -sSL https://download.sourceclear.com/ci.sh | env DEBUG=1 SRCCLR_SSL_CERT_FILE="/path to certificate file/" bash -s scan --skip-collectors "ant,npm"Windows PowerShell:
$Client = New-Object -TypeName System.Net.WebClient
$Client.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
$Script = $Client.DownloadString('https://download.sourceclear.com/ci.ps1')
Invoke-Command -ScriptBlock ([scriptblock]::Create($Script)) -ArgumentList @('scan', '--skip-collectors', 'ant,npm')
noteIf you do not use the
https_proxyenvironment variable or setproxyHostandproxyPortin~/.srcclr/agent.yml, you must include'--config=/path to configuration file/'in this command.