Veracode provides options for viewing log messages when running a Veracode Pipeline Scan.
To obtain detailed console output during scanning, add the --verbose parameter set to true to your pipeline script.
To send logging information to outputs other than the console, you can use the Apache Log4j utility.
To configure logging settings, you can include a log4j.config file in the execution directory of pipeline-scan.jar. The configuration file overrides the command-line options.
In this example, the script uses Logj4 to:
- Send information messages to the console
- Send verbose and debug messages to a file named pipeline-scan.log
log4j.rootLogger=INFO, stdout, fileout log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss,SSSS}] %p: %m%n log4j.appender.fileout=org.apache.log4j.FileAppender log4j.appender.fileout.file=pipeline-scan.log log4j.appender.fileout.append=false log4j.appender.fileout.threshold=DEBUG log4j.appender.fileout.layout=org.apache.log4j.PatternLayout log4j.appender.fileout.layout.ConversionPattern=[%d{dd MMM yyyy HH:mm:ss,SSSS}] PIPELINE-SCAN %p: %m%n