Packaging Requirements for Pipeline Scans

Pipeline Scan

Veracode requires that you follow packaging instructions to ensure that your application meets all requirements for successful uploads.

Follow these language-specific packaging instructions for applications that you plan to submit. All of the packaging and compilation instructions are included in the Understanding Veracode General Packaging Guidance.

Java
Submit a Java archive in a standard JAR, WAR, or EAR format.

Packaging Java Applications provides detailed packaging requirements for Java applications.

.NET
Upload a ZIP file containing DLL, EXE, and PDB files. For ASP.NET, upload a ZIP file containing all aspx.*.dll and aspx.*.pdb files and any DLL assemblies that the ASP.NET compiler generates.

Packaging .NET Applications provides detailed packaging requirements for .NET applications.

JavaScript and TypeScript
Upload a ZIP file containing source code or files that contain JavaScript or TypeScript. Veracode extracts and scans JavaScript and TypeScript code in your Java archive (JAR, WAR, or EAR) files.

Packaging JavaScript and TypeScript Applications provides detailed packaging requirements for JavaScript and TypeScript applications.

Python
Upload a ZIP file containing Python files.

Packaging Python Applications provides detailed packaging requirements for Python applications.

Note: You cannot use the baseline file feature to ignore flaws in Python applications.
PHP
Upload a ZIP file containing PHP files.

Packaging PHP Applications provides detailed packaging requirements for PHP applications.

Android
Submit an Android application in a standard APK format.

Packaging Android Applications provides detailed packaging requirements for Android applications.

Scala
Submit a Scala application in a standard JAR format.

Packaging Scala Applications provides detailed packaging requirements for Scala applications.

Groovy
Submit a Groovy application in a standard JAR or WAR format.

Packaging Groovy Applications provides detailed packaging requirements for Groovy applications.

Kotlin
Submit a Kotlin application in a standard JAR or WAR format.

Packaging Kotlin Applications provides detailed packaging requirements for Kotlin applications.

React Native
Upload a ZIP file containing JavaScript source code or a compiled Android package (APK).

Packaging React Native Applications provides detailed packaging requirements for React Native applications. Pipeline Scans do not support React Native applications packaged as IPA files.

Titanium
Upload a compiled Android package (APK).

Packaging Titanium Applications provides detailed packaging requirements for Titanium applications.

Cordova
Upload a compiled Android package (APK).

Packaging PhoneGap/Cordova Applications provides detailed packaging requirements for Cordova applications. Pipeline Scans do not support Cordova applications packaged as IPA files.

You can upload multiple files of the supported packaging formats in a single ZIP file. Veracode automatically analyzes all first-party, top-level modules. If you submit applications using this method, there may be an impact on scan performance.

Note: The total size of the file submitted to a Pipeline Scan is limited to 100 MB.