Configure your GitLab repository
To complete this task:
-
To scan using Veracode Software Composition Analysis (SCA) agent-based scanning, add the following to the
after_script
step in your.gitlab-ci.yml
file:after_script:
- curl -sSL https://sca-downloads.veracode.com/ci.sh | sh -
Commit the change to start a build for your repository.
Results:
Veracode SCA performs an agent-based scan, displaying results to your agent-based scanning environment.
Next steps:
If you want to add Veracode SCA agent-based scanning to other repositories, add the installation and scan code above, along with the SRCCLR_API_TOKEN
environment variable, to any .gitlab-ci.yml
files you want to scan. Then you can perform scans on each new build.