Configure Internal Scanning

Internal Scanning Management

Your Internal Scanning Management (ISM) configuration consists of a gateway that is the access point to the Veracode cloud and endpoints, which connect Veracode to your internal applications.

About this task

Veracode recommends that you create only one gateway.

To configure internal scanning:

Procedure

  1. From the gear icon menu at the top of the Veracode Platform, click Internal Scanning Management.


  2. Click Configure Internal Scanning.
  3. Enter the name and description of the gateway and click Next.


    Note: ISM currently supports ASCII characters, not UTF-8, for the names and descriptions of gateways and endpoints.
  4. Enter the name and description of the endpoint you want to connect to this gateway.
  5. Select the platform of the machine running the endpoint. If you do not use Windows or Linux, select Other to perform a manual endpoint installation.
    If you select Other, go directly to Manually Install an Endpoint.
  6. Click Next.
  7. Complete the following steps to start the installer:
    1. Click Download to download the ZIP file containing the installer.
    2. Click Copy in the text box in step 2.3 to copy your endpoint key to your clipboard.
    3. Move the downloaded ZIP file to a machine behind your firewall with access to your internal applications.
    4. Extract the ZIP file.
    5. Open the installer file.
    • For Windows machines, the filename is veracode_ism_install.bat.
    • For Linux machines, the filename is veracode_ism_install.sh
    Note: If you have insufficient permissions to create the service, run the file as an administrator. If you are using a Linux machine without a GUI wrapper, Veracode recommends you open the installer with the following command: sudo -s ./veracode_ism_install.sh
  8. After you launch the installer, complete the following steps to install the endpoint:
    Note: For Linux machines without a GUI wrapper, opening the installer prompts you to provide the information listed in these steps on the command line.
    1. Read the terms of use for the endpoint, select the checkbox, and click Next.
    2. Verify the installation folder and Java home are correct or select your preferred folders and click Next.


      Note: If the installer cannot automatically detect the Java home, you must specify it.
    3. If you use a web proxy, select Manual configuration and enter your proxy details. The proxy details must match the proxy details configured in your Java settings.
    4. Click Next.
    5. Paste the endpoint key you copied in an earlier step and click Next.
      Note: If you did not copy the endpoint key, go to the gateway page in the Veracode Platform, click the Actions menu for this endpoint, and select Copy Endpoint Key.
    6. When the key validates, click Install.
    7. Click Close.
      The gateway and endpoint you created now appear on the Internal Scanning Management page.

      The gateway may have a status of Initializing for a few minutes after you create it. The endpoint has a status of Pending until you successfully deploy it. When you successfully deploy the endpoint, it has a status of Ready.

What to do next

If the endpoint fails to connect to the gateway, your organization may need to whitelist the gateway IP address or domain name. The IP address and domain are visible from the Internal Scanning Management page and the gateway page.

After you have created the gateway, started the endpoint, and tested the gateway connection, you can configure a Veracode Dynamic Analysis for internal scanning.