Uploading Files for Analysis Using Visual Studio


After using Veracode Static for Visual Studio to create a Veracode build of your application, you can upload the build to a new application or existing application profile in your Veracode portfolio.

To upload a build to a new application:
  1. In Visual Studio, select Veracode Static > Upload and Scan.
  2. In the Upload and Scan window, from the Application dropdown menu, select an existing application in the Veracode Platform, or click Add Application.

    Upload your Veracode application build.
  3. Complete all the fields in the Add Application window, and click Save.

    In the Upload and Scan window, the application you just added is preselected and the Create Scan window opens.

    Select the files to scan.
  4. Enter a name for the new scan, set any optional parameters, and click Create. If you want to change the scan type, go back to the Upload and Scan window to change it and, then, click Create Scan again.
  5. In the Solution Files pane, select the solution files you want to upload.
    Note: For web applications built on ASP.NET 3.0 Core and later, there is an executable that duplicates the artifacts included in the upload to the Veracode Platform. In your web application project, you must deselect the duplicate executable to exclude it from the upload, or you see an error and the Veracode Platform initiates a manual module selection.
  6. If necessary, select any files in the Additional Files section that you also want to scan. The files can include additional application components that are not built in the solution, such as compiled files from another solution or components built in another language.
  7. Click Upload.

    You can see all the files you have uploaded and delete any files that you do not want to scan.

  8. At the prompt, click OK to start the prescan of the files when the upload has completed. If you click No, you must click the Start Prescan link on the Upload and Scan page.

    After the prescan verification completes successfully, the scan begins automatically.
  9. If there is an error in the prescan:
    1. In the Upload and Scan window, click View Prescan Results.
    2. In the Prescan Verification Results window, select the files you want to scan.
    3. Select the modules that are independent components, which you need to scan in their entirety. Leave the checkboxes for third-party components or dependencies cleared.

      Select the files to scan.
  10. Click Yes to start the scan.
Note: If you encounter an error when uploading a build, in Visual Studio, in the Options window, select Source Control > Environment. Then, verify that Saving and Editing are set to Check out automatically.