Veracode provides options for viewing log messages when running a Veracode Pipeline Scan.
To obtain detailed console output during scanning, add the --verbose parameter set to true to your pipeline script.
To send logging information to outputs other than the console, you can use the Apache Log4j utility.
To configure logging settings, you can include a log4j.config file in the execution directory of pipeline-scan.jar. The configuration file overrides the command-line options.
In this example, the script uses Logj4 to:
- Send information messages to the console
- Send verbose and debug messages to a file named pipeline-scan.log
log4j.rootLogger=INFO, stdout, fileout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss,SSSS}] %p: %m%n
log4j.appender.fileout=org.apache.log4j.FileAppender
log4j.appender.fileout.file=pipeline-scan.log
log4j.appender.fileout.append=false
log4j.appender.fileout.threshold=DEBUG
log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
log4j.appender.fileout.layout.ConversionPattern=[%d{dd MMM yyyy HH:mm:ss,SSSS}] PIPELINE-SCAN %p: %m%n