Troubleshooting Veracode APIs and Integrations

Veracode Integrations Security and Troubleshooting

This section helps you remedy common problems and understand how better to use the Veracode XML APIs and integrations.

API Issue Solution
Any API I received a HTTP 401 or Access Denied error. I do not have access to the APIs or I am unsure what kind of access I need.
Any API I cannot log in to Veracode when using the APIs. Verify that your IP address is in the list or range of addresses in the Allowed IP Addresses field of your user account login settings. If the IP range is set incorrectly, edit the Allowed IP Addresses field to include the IP address of the location of your login.
Any API The scan stopped after prescan. To determine why a scan that started from an API failed after prescan, review the response code returned from the API call. When your script calls, the API returns a status code that confirms the scan successfully started, or provides an error message to explain why the scan did not start.
Any API I received cURL error 35. If you receive the cURL error 35: "Unknown SSL protocol error in connection to ...", you need to update your version of cURL. Alternatively, you can pass the option -3, which forces cURL to use SSL version 3 when negotiating with a remote SSL server.
Any Integration I have received one of these messages:
  • Received fatal alert: handshake_failure
  • Peer not authenticated error
  • System.Net.WebException was unhandled. Message=The request was aborted: Could not create SSL/TLS secure channel
  • OpenSSL::SSL::SSLError: Received fatal alert: handshake_failure
  • The underlying connection was closed: An unexpected error occurred on a send.
  • Could not create SSL/TLS secure channel
If you are using an integration that attempts to connect over TLS 1.0 or 1.1, you may receive one of these error messages. See Using TLS with Veracode Integrations.
Archer API Invalid IP address range. Ensure that you are attempting to connect from an IP address that is allowed by the IP address restrictions for the login you are using.
Archer API Invalid login type. Ensure that you are providing credentials for an API class login with the Archer API role.
Archer API Invalid or null token. Each login account is limited to using five tokens at a time to download Archer reports. The last five of generated tokens are valid. All tokens expire after 30 days whether used or not. Using invalid tokens returns HTTP status code 403.
Archer API Incorrect date format. The date format used by the  date_from  and  date_to  fields is dd-mm-yyyy, meaning, date then month and year.
Archer API The report not ready. If you try to call  before  has completed, you receive HTTP status code 204 to indicate no content is available. Try to download the report at a later time. After an excessively long time, if the Veracode Platform does not return the report, contact Veracode Technical Support.
Archer API The results file is too large. When attempting to fetch the Archer feed for a large number of applications at once, the Veracode Platform may return HTTP status code 500. It is best in these cases to fetch the data using the optional arguments for the Archer API to limit the scope of the data being pulled (e.g. using  scan_type  and/or a date range). Once all the historical data is in place, use one of the  period  arguments ( yesterdaylast_week , or  last_month ) to pull data on a scheduled basis.

Alternatively, you can use the asynchronous calls, downloadarcherreport.html and generatearcherreport.html.

Eclipse Plugin I experience a PKIX path building failure when installing the plugin from Eclipse. Add the following lines to the eclipse.ini file in your Eclipse installation directory:
-vmargs"path for cacerts""path for cacerts"
Jenkins Plugin I receive one of these messages:
  • An app_id could not be located for application profile
  • Access denied
  • Check the Veracode user role for the logged-in account to verify that you have a role with permissions to create an application profile, such as Upload API for API service accounts or Creator for user accounts.
  • Confirm that the Veracode application profile for the specified application name is visible by the specific teams who have access to this application and its scan results.
Jenkins Plugin The following message appears in the console output: The policy status 'Did Not Pass' is not passing. Unable to continue. This message indicates that you selected the Wait for scan to complete checkbox in your job configuration and the scan failed to pass your policy. If you want builds for scans that fail policy to complete, you must deselect that checkbox.
Jenkins Plugin The test connection action fails. There is no success message.
  • Verify that your Jenkins server has Internet connectivity.
  • Check outside of the Jenkins plugin environment to verify if the server the Jenkins tool is running on has internet connectivity. To determine connectivity, download and run the Veracode Java API wrapper on the same machine the Jenkins tools are running on to test for internet connectivity.
  • Verify the proxy settings to see if a proxy is required.
  • If a proxy is not required, you can test for an external Internet connection with a cURL command and running, for example, the command.
Jenkins Plugin or Java API Wrapper The following message appears: Requested array size exceeds VM limit. This error indicates you are attempting to upload an archive that is too large for the current limit (in GB). Check the content and size of the files or archives you are uploading to verify you are using the correct files.
Jenkins Plugin or Java API Wrapper

The following message appears:

[16.01.11 14:28:39] java/net/HttpURLConnection.setFixedLengthStreamingMode(J)V Build step Upload and Scan with Veracode marked build as failure Finished: FAILURE
This message indicates that the Java version you are using is not Java 7 or later. The Veracode Jenkins Plugin and the Veracode Java API wrapper require Java 7 or later.
Veracode Integration for Jira If you need to troubleshoot any issues, enable debug logging in Jira.
The location of the Jira logs depends on the Jira installation location. For example:
  • On Linux: /opt/atlassian/jira/logs/catalina.out
  • On Windows: C:\Program Files (x86)\Atlassian\Application Data\Jira\log\atlassian-jira.log
Enable Logging in Jira and set the logging level to DEBUG. After completing any debugging, ensure you change the logging level from DEBUG back to the logging level, such as INFO, and restart Jira.
Maven Build Script The following message is returned: java.lang.ClassNotFoundException: Cannot find the specified class The IBM WebSphere environment may prevent a Veracode UploadandScan target from executing if the Maven build script dependencies with the Java class path are missing. To resolve this, generate two pom.xml scripts, using one specifically for the Veracode upload.
Results API The call is slow to deliver information. Veracode recommends that you use to generate a list of all applications and to generate a list of all builds for an application.  You can then use and to retrieve the information about specific applications and builds.
Upload API I do not know if the prescan is complete or successful. To check the prescan results in the Upload API, call
Upload API My scan does not complete due to non-fatal errors. If you want to ensure the scan completes even though there are non-fatal errors such as unsupported frameworks, ensure you use the scan_all_top_level_modules parameter when you use the call.
Upload API and Integrations I received a fatal error after prescan, which is preventing my static analysis from starting automatically. Before the next time your static analysis is scheduled to start automatically, you need to:
  1. Review the prescan results to identify the modules that have fatal errors.
  2. Resolve the errors.
Optionally, if you do not want to resolve the errors, you can: If you have not added or deleted any modules since the last analysis that conained the fatal errors, the next automated analysis uses the same selected modules.
Any Plugin, Any API When using either a Veracode plugin, the Veracode API wrappers, or a custom script, I see this returned in the output text: App not in state where new builds are allowed. This message indicates that a previous static scan did not succeed for the specific application. Log into the Veracode Platform and review the application's current scans to determine if the previous scan did not successfully complete. A previous scan may still be in progress. If a previous scan is still running due to an error, select Delete. You can then use the plugin to submit a new scan request.
Visual Studio Extension I received a download error that says No applications exist for the specified user's account. Using the Visual Studio Veracode menu, you may have attempted to download results after selecting a specific application for which you do not have permission to access. You must be a member of each team associated with an application to be able to access that application's data.
Visual Studio Extension The Upload Build menu does not populate the Application dropdown list or allow me to complete the Build text box. This message indicates that you do not have the required role to either create a new application or build.
Visual Studio Extension I receive this message Support Issue: No precompiled files were found for this ASP.NET web application. Use the Veracode Static for Visual Studio to prepare your .NET application for uploading to Veracode. For information on how to use this extension, see Using Veracode Static for Visual Studio.
Visual Studio Extension I ran a scan from within Visual Studio, downloaded the scan results and, then, selected Veracode Static > View Results. The Results window is empty. If you are using Visual Studio 2019 with .NET Framework version 4.8, you must clear an option in Visual Studio to ensure the downloaded scan results display in the Results window. Otherwise, the Results window may be empty.

See Configure Visual Studio 2019 to Display Scan Results.

After configuring Visual Studio, you can select Veracode Static > View Results to view the scan results in the Results window.
Visual Studio Extension Upload and Scan fails to complete automatically. For web applications built on ASP.NET 3.0 Core and later, there is an executable that duplicates the artifacts included in the upload to the Veracode Platform. In your web application project, you must deselect the duplicate executable to exclude it from the upload, or you see an error and the Veracode Platform initiates a manual module selection.
Veracode Azure DevOps Extension The Veracode Release Summary report is not displaying in the TFS on-premise extension. If you rename the build step task Upload and Scan, the extension cannot find and execute the task, and no Veracode Summary Report is created.
Veracode Azure DevOps Extension I am receiving upload errors for my Azure DevOps builds.

To resolve the upload errors, you have these options:

  • Before uploading to Veracode, add the folder containing the files you want to scan to a ZIP archive. The ZIP archive suppresses errors due to unsupported file types.
  • After prescan, resolve any fatal errors:
    1. Review the prescan results to identify the modules that have fatal errors.
    2. Resolve the errors.
    Optionally, if you do not want to resolve the errors, you can: If you have not added or deleted any modules since the last analysis that contained the fatal errors, the next automated analysis uses the same selected modules.

Microsoft provides pipeline build steps for creating a folder with only the files that Veracode requires for scanning. See the Copy Files task and Delete Files task in the pipeline documentation on the Azure documentation website.

Veracode Azure DevOps Extension I selected the Veracode Scan Summary tab in Azure DevOps to view scan results and see the message Veracode is taking longer than expected to load. Clear your browser cache and, then, select the Veracode Scan Summary tab again.
Any IDE Plugin or Extension I am having problems with my credentials and am prompted to enter them multiple times.
  1. Check that you have saved your credentials. Go to Veracode > Options > Credentials and verify the Veracode API credentials are saved.
  2. Verify that the field Do not use stored credentials to log in is cleared.

For assistance with errors you receive while compiling your application, see the Troubleshooting Precompilation Errors page.

If you cannot find the solution to your problem on this page, contact Veracode Technical Support.