Best Practices for Endpoint Management

Internal Scanning Management

Veracode recommends that you comply with the following best practices for managing your endpoints to make the most effective use of Internal Scanning Management.

Install one endpoint in each network in which you want to scan applications.
Veracode recommends that you install one endpoint in each network in which you scan your internal applications. For example, if you have applications deployed in multiple data centers, you install a separate endpoint for each datacenter.

Each endpoint can support up to 20 simultaneous scans.

Install endpoints with the endpoint installer.
On Windows and Linux, the endpoint installer simplifies the installation process and creates a service that continuously runs the endpoint.
For manual installations, run endpoints as a service.
If you manually install an endpoint, configure your machine to run the endpoint as a service.
Install endpoints close to the target applications.
To minimize network latency, install your endpoints close to the applications you plan on using the endpoint to scan.
Do not install the same endpoint in multiple networks.
You encounter an error if you attempt to run a single endpoint in more than one network.
If an endpoint goes offline, restart it.
  • Windows machines: Open the Services application from the Windows start menu, find the Veracode_ISM service, and click Start the service or Restart the service.
  • Linux machines: From the command line, enter service Veracode_ISM status to get the status of the ISM service. If it is running, enter service Veracode_ISM stop to stop it. When it has stopped, enter service Veracode_ISM start to start it.
  • Manual installations: Restart the endpoint JAR file from the command line.
If the endpoint does not come back online, contact Veracode Technical Support.