Protect Veracode Credentials in Jenkins Pipeline Builds

You can use the Jenkins Credentials Binding plugin to bind your Veracode API credentials to environment variables. You generate a script that contains the bound environment variables and then add that script to your Jenkins pipeline script.

Before you begin:

  • You have installed the latest Credentials Binding plugin from the Jenkins Plugin Index.
  • You have generated Veracode API credentials.
After you bind your Veracode API credentials to the environment variables, Jenkins reads the credentials from its credentials store at runtime. The Jenkins interface and logs show only the bound environment variables, not your Veracode API credentials.

To protect your Veracode API credentials in Jenkins pipeline builds:

  1. In Jenkins, go to your pipeline project.
  2. Click Pipeline Syntax to open the Snippet Generator.
  3. From the Sample Step dropdown menu, select withCredentials: Bind credentials to variables.
  4. In the Bindings section, select Add > Username and password (separated).
    The Username and password (separated) section opens.

  5. In the Username Variable and Password Variable fields, enter username and password variables. Your Veracode API credentials bind to these variables at runtime.
  6. Do one of the following:
    • If the Veracode API credentials to which you want to bind the specified username and password variables are in the Jenkins credentials store, select them from the Credentials dropdown menu. Then, continue to Step 7.
    • If the Veracode API credentials to which you want to bind the specified username and password variables are not in the Jenkins credentials store, you need to add the credentials.
      1. To the right of the Credentials dropdown menu, select Add > Jenkins to open the Jenkins Credentials Provider window.
      2. In the Username field, enter your API ID and, in the Password field, enter your API key.
      3. Optionally, enter values for the ID and Description fields.
      4. Click Add to add the credentials to the Jenkins credentials store.
      5. From the Credentials dropdown menu, select the credentials you added.
  7. Click Generate Pipeline Script.
    In the generated script, which is Apache Groovy code, the withCredentials step contains the username variable, password variable, and, if specified, the credentials ID.
  8. Copy the entire withCredentials step and add it to your Jenkins pipeline script for Veracode scans.
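
The following declarative pipeline shows where a generated withCredentials step sits around a Veracode scan. It is an added example, not a script from Veracode or from the Snippet Generator. The credentials ID, variable names, application name, artifact path, and the presence of VeracodeJavaAPI.jar in the workspace are all assumptions.

```groovy
// Added example. Assumed values (not from the original page):
//   - credentials ID 'veracode-api-credentials'
//   - variable names VERACODE_API_ID / VERACODE_API_KEY
//   - application name, artifact path, and VeracodeJavaAPI.jar in the workspace
pipeline {
    agent any
    stages {
        stage('Veracode scan') {
            steps {
                withCredentials([usernamePassword(
                        credentialsId: 'veracode-api-credentials', // hypothetical ID from the credentials store
                        usernameVariable: 'VERACODE_API_ID',       // bound to the API ID at runtime
                        passwordVariable: 'VERACODE_API_KEY')]) {  // bound to the API key at runtime
                    // Use a single-quoted Groovy string here. The shell, not Groovy,
                    // expands the variables, so the secret values are never
                    // interpolated into the pipeline script text itself.
                    sh '''
                        java -jar VeracodeJavaAPI.jar \
                          -vid "$VERACODE_API_ID" \
                          -vkey "$VERACODE_API_KEY" \
                          -action uploadandscan \
                          -appname "example-app" \
                          -createprofile false \
                          -filepath build/libs/example-app.war \
                          -version "$BUILD_NUMBER"
                    '''
                }
                // Outside the withCredentials block the two variables are no longer set,
                // so keep every step that needs the credentials inside it.
            }
        }
    }
}
```

A double-quoted string (`sh "... ${VERACODE_API_KEY} ..."`) would have Groovy substitute the secret before the shell runs, which Jenkins flags as insecure string interpolation.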