Skip to main content

Configure the Veracode Jenkins Plugin

After installing the Veracode Jenkins Plugin, there are required and optional settings you can configure before using the plugin to scan your code.

Before you begin:

To complete this task:

  1. Open a browser window and sing in to your Jenkins server.

  2. Select Manage Jenkins > Configure System and scroll down to the Veracode Jenkins Plugin section.

  3. In the Veracode User Credentials fields, enter your Veracode API credentials.

    If you are using credentials binding to protect your credentials, you can enter a placeholder, which the Credentials Binding plugin uses later. Configure this placeholder if you intend to use the binding plugin for freestyle, Domain Specific Language (DSL), or pipeline jobs that require credentials management. This placeholder must have a leading dollar sign and be unique. For example, Veracode recommends $veracode_id and $veracode_key.

  4. To stop the build job if the Veracode task encounters a problem or the application does not pass a security policy, select Fail Job. If you select this option, you can also select the option under it to have Jenkins show the job status as Unstable.

    Several conditions could cause a scan to fail, including network timeouts, invalid credentials, or the application exceeds the maximum file size during upload. The Fail Job option allows you to stop a build if, during an upload and scan, an SCA or Static Analysis fails a specified policy evaluation. You can review the details of a failed job in Jenkins. The Fail Job option can save you time and enable you to quickly troubleshoot build issues that are related to your Veracode scan.

  5. Optionally, in the Copy Output Remote Files to Controller section:

    note

    Veracode does not recommend this option.

    • If you want to build and upload code to Veracode from a remote machine, ensure the Copy Output Remote Files to Controller option is cleared. Jenkins uses the term node to refer to a remote machine. If you do not copy the files to controller, the Jenkins plugin copies the Java API wrapper JAR files to the veracode-jenkins-plugin directory in the remote root directory. The Java wrapper CLI executes from the remote machine to upload and scan the output code that a build generates.
    • If you build only on a remote machine, and copy the output files from the remote machine to the controller for uploading to Veracode, select the Copy Output Remote Files to Controller option.
  6. In the Default Values field, select these Jenkins server environment-type variables to apply them to all Jenkins jobs:

    • $projectname: changes the new Veracode application name to the Jenkins server project name. You can overwrite this value within the individual Jenkins project settings page in the Veracode options section.
    • Jenkins server workspace path and IP address.
    • $buildnumber: changes to the Veracode default scan name.
  7. Optionally, select the Run in debug mode option to collect detailed information about Veracode scans. The plugin stores this information in the console log of each individual Jenkins project. Veracode recommends you select this option.

  8. If you intend to connect using a proxy, select the Connect using proxy option. Then, provide the specific host, port, username and password settings for global use in Jenkins.