Integrating Veracode SCA with Developer Tools

Getting Started with Veracode

You can integrate Veracode Software Composition Analysis with several CI/CD and ticketing tools.

In addition to the listed integrations, you can implement Veracode SCA in any CI tool through scripting.

For the detailed lists of supported tools and languages, see About Supported Languages and Tools for Agent-Based Scans and Understanding Language Support for Veracode SCA Upload Scans.

CI/CD Systems

Atlassian Bamboo
You can create a Veracode SCA agent that scans your repositories as an automated task in your Atlassian Bamboo pipeline. See the configuration instructions for more information.
Artifactory
Veracode for Artifactory provides automated security scanning for your CI/CD applications and returns Veracode SCA findings within Artifactory as part of a Veracode Static Analysis.
AWS CodeStar
Veracode for AWS CodeStar allows you to configure automated agent-based scan commands in your AWS CodeBuild projects. You, then, add the build project to a pipeline stage in CodePipeline to analyze the build output from your application build stage and return Veracode SCA findings. See Configure an AWS CodeBuild Project for SCA for more information.
Azure DevOps
You can create a Veracode SCA agent for PowerShell and, then, configure agent-based scanning as a PowerShell task in Azure DevOps.
The open-source Veracode Community Software Composition Analysis (SCA) Azure DevOps Extension integrates agent-based scans of your repositories as an automated task into your Azure DevOps pipeline.
Note: This extension is not officially supported by Veracode.
Bitbucket
You can create a Veracode SCA agent that scans your repositories as an automated task in your Bitbucket pipeline. See the configuration instructions for more information.
CircleCI
You can create a Veracode SCA agent that scans your repositories as an automated task in your CircleCI pipeline. See the configuration instructions for more information.
This config.yml file includes a sample command for running an agent-based scan in a CircleCI pipeline.
CodeShip Basic
You can create a Veracode SCA agent that scans your repositories as an automated task in your CodeShip Basic pipeline. See the configuration instructions for more information.
CodeShip Pro
You can create a Veracode SCA agent that scans your repositories as an automated task in your CodeShip Pro pipeline. See the configuration instructions for more information.
GitLab
You can create a Veracode SCA agent that scans your repositories as an automated task in your GitLab pipeline. See the configuration instructions for more information.
Gradle
You can create a Veracode SCA agent that automates the scanning of your Gradle repositories. See the configuration instructions for more information.
Jenkins
You can create a Veracode SCA agent that scans your repositories as an automated task in your Jenkins pipeline. See the configuration instructions for more information.
The Veracode Jenkins Plugin automates the upload and scan tasks of your Jenkins build pipeline and returns Veracode SCA findings as part of a Veracode Static Analysis.
Maven
You can create a Veracode SCA agent that automates the scanning of your Maven repositories. See the configuration instructions for more information.
Travis CI
You can create a Veracode SCA agent that scans your repositories as an automated task in your Travis CI pipeline. See the configuration instructions for more information.

Ticketing Systems

Jira
You can create a Jira integration that allows you to generates ticket in Jira for findings from agent-based scans performed on the command line or as part of a pipeline. See the configuration instructions for more information.
The Veracode Integration for Jira manages the import of security findings from Veracode and creates issues in Jira for Veracode SCA findings imported from a Veracode Static Analysis.
Jira Cloud
You can create a Jira Cloud integration that automatically generates tickets in Jira Cloud for agent-based scan findings performed on the command line or as part of a pipeline. See the configuration instructions for more information.
The Veracode Integration for Jira Cloud manages the import of security findings from Veracode and creates issues in Jira for Veracode SCA findings imported from a Veracode Static Analysis.
GitHub
You can create a GitHub integration that generates issues in GitHub for agent-based scan findings performed on the command line or as part of a pipeline. See the configuration instructions for more information.