Veracode provides a few configuration options for generating log messages from Pipeline Scans.
To obtain detailed console output during scanning, add the parameter --verbose=true to your pipeline script.
To send logging information to outputs other than the console, you can use the Apache Log4j utility.
To configure logging settings, you can include a log4j.config file in the execution directory of pipeline-scan.jar. The configuration file overrides the command-line options.
In this example, the script uses Log4j to:
- Send information messages to the console
- Send verbose and debug messages to the log file pipeline-scan.log
log4j.rootLogger=INFO, stdout, fileout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss,SSSS}] %p: %m%n
log4j.appender.fileout=org.apache.log4j.FileAppender
log4j.appender.fileout.file=pipeline-scan.log
log4j.appender.fileout.append=false
log4j.appender.fileout.threshold=DEBUG
log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
log4j.appender.fileout.layout.ConversionPattern=[%d{dd MMM yyyy HH:mm:ss,SSSS}] PIPELINE-SCAN %p: %m%n