Skip to main content

CI/CD integrations

Veracode provides integrations and APIs to enable you to integrate application security with your continuous integration/continuous deployment (CI/CD) systems, such as build servers and release-management processes.

You can integrate one or more of the following scan types:

Whether you are developing code using continuous integration or a more traditional development model, your security tools should support the model and developer tools that make your team most productive. Integrating application security testing should not require your team to change how they interact with their code, how they identify and manage defects, or how they interact with software configuration management (SCM) tools. Veracode is designed to be open and tool-chain agnostic, and to not require changes to overall development process. Veracode achieves this goal by offering plugins and APIs that integrate smoothly into your SDLC.

note

Veracode APIs and integrations require access to specific Region Domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.

To learn more about these integrations and to interact with other users, visit the Community forum. If you do not see the integration you want, check the Veracode Community.

Amazon Web Services (AWS)

To integrate Static Analysis or SCA with AWS, see Amazon Web Services (AWS).

Integration type: Veracode-Authored

Apache Ant

To integrate Static Analysis with Ant using the Java API wrapper, see Apache Ant.

Integration type: Veracode-Authored, API

Apache Maven

Select from the following integrations:

Integration type: Veracode-Authored, API

Atlassian Bamboo

Select from the following integrations:

Integration type: Veracode-Authored, API

Azure DevOps

Select from the following integrations:

Integration type: Veracode-Authored

Bitbucket

To integrate SCA with Bitbucket, see Integrating Veracode SCA with developer tools.

Integration type: Veracode-Authored

CircleCI

Select from the following integrations:

Integration type: Veracode-Authored

Codeship

To integrate SCA with Codeship Basic or Pro, see Integrating Veracode SCA with developer tools.

Integration type: Partner

GitHub

Select from the following integrations:

Integration type: Veracode-Authored

GitLab

Select from the following integrations:

  • Pipeline Scan to integrate Static Analysis scans to your pipeline.
  • SCA agent to integrate SCA agent-based scans.

Integration type: Veracode-Authored

Gradle

Select from the following integrations:

  • Pipeline Scan to integrate Static Analysis to your Gradle repositories.
  • Gradle Plugin to integrate SCA scans to your Gradle repositories.

Integration type: Veracode-Authored

Hygieia

To integrate SCA agent-based scans with Hygieia, see Integrating Veracode SCA with developer tools.

Integration type: Veracode-Authored

Jenkins

Select from the following integrations:

  • Jenkins Plugin to integrate Static Analysis and Dynamic Analysis scans with a plugin.
  • Pipeline Scan to integrate Static Analysis scans with Veracode Pipeline Scan.
  • DAST Essentials to integrate Dynamic Analysis scans.
  • SCA agent to integrate SCA agent-based scans.

Integration type: Veracode-Authored

TeamCity (JetBrains)

Select from the following integrations:

Integration type: Veracode-Authored

TravisCI

Select from the following integrations:

Integration type: Veracode-Authored