Add an Endpoint to a Gateway

Internal Scanning Management

When you configure a gateway, you must create one endpoint that connects to it. After you configure the gateway, you can add more endpoints to it. Veracode recommends that you install one endpoint in each network in which you scan your internal applications.

Before installing an endpoint on a machine, verify that you can connect to the applications you want to scan from that machine.

To add an endpoint to a gateway:

  1. From the gear icon menu at the top of the Veracode Platform, click Internal Scanning Management.
  2. Click the name of the gateway to which you want to add the endpoint.
  3. On the gateway page, click Add Endpoint.
  4. Enter the endpoint name and description.
  5. Select the platform of the machine running the endpoint. If you do not use Windows or Linux, select Other to perform a manual endpoint installation.


    Note: ISM currently supports ASCII characters, not UTF-8, for endpoint names and descriptions.
    If you select Other, go directly to Manually Install an Endpoint.
  6. Click Next.
  7. Complete the following steps to start the installer:
    1. Click Download to download the ZIP file containing the installer.
    2. Click Copy in the text box in step 2.3 to copy your endpoint key to your clipboard.
    3. Move the downloaded ZIP file to a machine behind your firewall with access to your internal applications.
    4. Extract the ZIP file.
    5. Open the installer file.
    • For Windows machines, the filename is veracode_ism_install.bat.
    • For Linux machines, the filename is veracode_ism_install.sh
    Note: If you have insufficient permissions to create the service, run the file as an administrator. If you are using a Linux machine without a GUI wrapper, Veracode recommends you open the installer with the following command: sudo -s ./veracode_ism_install.sh
  8. After you launch the installer, complete the following steps to install the endpoint:
    Note: For Linux machines without a GUI wrapper, opening the installer prompts you to provide the information listed in these steps on the command line.
    1. Read the terms of use for the endpoint, select the checkbox, and click Next.
    2. Verify that the installation folder and Java home are correct or select your preferred folders and click Next.


      Note: If the installer cannot automatically detect the Java home, you must specify it.
    3. If you use a proxy, select Manual configuration.
    4. If you select Manual configuration:
      • Enter your proxy hostname and port number.
      • If you want to use the proxy only for communication between the endpoint and gateway:
        • Select For gateway connection.
        • If you want the proxy to resolve the gateway hostname, which means you need to allow only the gateway hostname, clear the Let endpoint resolve hostname for gateway checkbox. If you do not clear it, you must include the hostname and IP address of the gateway in your allowlist.
      • If you want to use the proxy for communication between the endpoint and gateway and between the endpoint and the URLs you scan:
        • Select For gateway and URL connections.
        • If you want the proxy to resolve the gateway or URL hostnames, which means you need to allow only the hostname for the gateway and the URLs you scan, clear the Let endpoint resolve hostname for gateway or Let endpoint resolve hostname for URLs checkboxes. If you do not clear them, you must include the hostname and IP address of the gateway and URLs in your allowlist.
      • If the proxy requires authentication, select Authentication Required and, then, enter your proxy credentials.
    5. Click Next.
    6. Paste the endpoint key you copied in an earlier step and click Next.
      Note: If you did not copy the endpoint key, go to the gateway page in the Veracode Platform, click the Actions menu for this endpoint, and select Copy Endpoint Key.
    7. When the key validates, click Install.
    8. Click Close.
      After you complete the installation, the new endpoint appears on the gateway page with a status of Ready.

After you have started the endpoint, you can configure a Veracode Dynamic Analysis for internal scanning.