uploadandscanbyappid

The uploadandscanbyappid composite action enables you to upload files to Veracode for scanning.

The auto-scan parameter is always set to true (enabled) with the uploadandscanbyappid call. In the Veracode Platform, if the Auto-Scan option for a scan configuration is set to Off (disabled), the uploadandscanbyappid call overrides the Auto-Scan option.

Note

The Veracode XML APIs and the wrappers use a different syntax. For the wrappers, the parameter names omit the underscores, the parameter values omit spaces, and some parameters use different names. For example, the parameter app_id in the API is appid in the wrapper and the parameter value Very High in the API is VeryHigh in the wrapper. The parameter business_criticality in the API is criticality in the wrapper. The syntax is not interchangeable and using the wrong syntax causes your command to fail. To ensure you are using the correct syntax, see the documentation provided in the Help directory for each wrapper.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| appid (Required) | Integer | Application ID. |
| filepath (Required) | String | Filepath or folderpath of the files you want to upload to Veracode for scanning. By default, the integration uploads all the subdirectories and files of this filepath. Ensure you have prepared the files according to the packaging requirements. |
| version (Required) | String | Name or version of the build that you want to scan. |
| createsandbox | Boolean | For development sandbox scans, create a sandbox for the specified Veracode application. Set to true to create a sandbox. Set to false to not create a sandbox. |
| exclude | String | Case-sensitive, comma-separated list of module name patterns that represent the names of modules to not scan as top-level modules. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. |
| include | String | Case-sensitive, comma-separated list of module name patterns that represent the names of modules to scan as top-level modules. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. |
| pattern | String | Case-sensitive filename pattern that represents the names of uploaded files to save with a different name. The * wildcard matches 0 or more characters. The ? wildcard matches exactly one character. Each wildcard corresponds to a numbered group that you can reference in the replacement pattern. |
| replacement | String | Replacement pattern that references groups captured by the filename pattern. For example, if the filename pattern is *-*-SNAPSHOT.war and the replacement pattern is $1-master-SNAPSHOT.war, an uploaded file named app-branch-SNAPSHOT.war is saved as app-master-SNAPSHOT.war. |
| sandboxid | Integer | ID of the sandbox in which to run the scan. |
| sandboxname | String | Name of the sandbox in which to run the scan. |
| scantimeout | Integer | Number of minutes to wait for the scan to complete and pass policy. If the scan does not complete or fails policy, the build fails. Default is 60 minutes. |
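
The following added example (not Veracode code) previews the name a file would be saved under for a given pattern and replacement, so a pipeline can check a rename before uploading. The function names are hypothetical. It assumes that the pattern must match the whole filename, that non-matching files keep their name, and it flags filenames where greedy and lazy wildcard matching disagree, because the page does not say which the wrapper uses.

```python
import re

def wildcard_to_regex(pattern, greedy=True):
    """Compile a wrapper-style pattern: '*' and '?' become numbered groups."""
    star = "(.*)" if greedy else "(.*?)"
    parts = [star if c == "*" else "(.)" if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts))  # no IGNORECASE: patterns are case-sensitive

def expand(match, replacement):
    """Substitute $1, $2, ... in the replacement with the captured groups."""
    def group(ref):
        index = int(ref.group(1))
        if not 1 <= index <= match.re.groups:
            raise ValueError(f"${index} has no matching wildcard in the pattern")
        return match.group(index)
    return re.sub(r"\$(\d+)", group, replacement)

def preview_saved_name(filename, pattern, replacement):
    """Return (saved_name, ambiguous).

    ambiguous is True when greedy and lazy wildcard matching would produce
    different names, so the result depends on behaviour the page does not specify.
    """
    greedy = wildcard_to_regex(pattern, greedy=True).fullmatch(filename)
    if greedy is None:
        return filename, False  # assumption: non-matching files keep their name
    lazy = wildcard_to_regex(pattern, greedy=False).fullmatch(filename)
    first, second = expand(greedy, replacement), expand(lazy, replacement)
    return first, first != second

if __name__ == "__main__":
    # Constructed file names; the first is the example from the parameter table.
    for name in ("app-branch-SNAPSHOT.war", "my-app-branch-SNAPSHOT.war",
                 "App-Branch-snapshot.war"):
        print(name, "->", preview_saved_name(name, "*-*-SNAPSHOT.war",
                                             "$1-master-SNAPSHOT.war"))
```

A filename reported as ambiguous is a sign that the pattern needs more literal text between its wildcards before it is used in a build.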

Example commands

This example request uses the uploadandscanbyappid action in a specific scenario:

Veracode recommends that you use an external API credentials file to provide your credentials to the Veracode API wrapper. When you use an API credentials file, you can omit the -vid and -vkey parameters for specifying your Veracode API credentials.

Start an application scan:

java -jar vosp-api-wrapper-java{version}.jar -action uploadandscanbyappid -vid <Veracode API ID> -vkey <Veracode API key> -appid myid -sandboxname mysandbox -createsandbox true -version <unique version> -filepath /workspace/myapp.jar
VeracodeC#API -action uploadandscanbyappid -vid <Veracode API ID> -vkey <Veracode API key> -appid myid -sandboxname mysandbox -createsandbox true -version <unique version> -filepath /workspace/myapp.jar