Veracode Integrations

Veracode Integrations

Veracode integrations allow you to maximize the benefits of static and dynamic cloud-based security testing in your Software Development Life Cycle (SDLC) and Governance, Risk, and Compliance (GRC) workflows.

Veracode application programming interfaces (APIs) and plugins automate the major software development tasks, including coding, building, testing, and deploying, involved in scanning applications and analyzing the results.

Veracode integrations enable you to automate all necessary security verification tasks, including:
  • Creating application profiles
  • Uploading applications
  • Submitting applications for scanning directly from integrated development environments (IDEs) and continuous integration (CI) servers
With specific line-of-code vulnerability identification and remediation instructions, you can directly integrate into IDEs and defect tracking systems to streamline defect triage and fixing.

For information about the supported software required for installing and using Veracode integrations, see the Veracode-Authored Integrations page.

Veracode REST APIs
Veracode REST APIs enable you to programmatically interact with the Veracode Platform to seamlessly incorporate application flaw, summary, and policy information into your compliance and risk management programs.
Veracode XML APIs
Veracode XML APIs enable you to programmatically interact with the Veracode Platform to seamlessly incorporate application flaw, summary, and policy information into your compliance and risk management programs.
Veracode API Wrappers
The Veracode API wrappers are Veracode-developed CLI programs that can communicate with the Veracode APIs. You can use the API wrappers to accelerate the integration of the Veracode APIs in your software development lifecycle.
Veracode IDE Integrations
Before checking in your code, you can start a scan, review security findings and triage the results, all from within your IDE. Veracode integrates with Eclipse, IntelliJ, and Visual Studio.
Veracode Greenlight Plugin
Veracode Greenlight finds security defects in your code and provides contextual remediation advice to help you fix issues in seconds, directly in your IDE.
Veracode Build and Release Management System Integrations
By integrating Veracode into your Artifactory, Jenkins, Azure DevOps, or Team Foundation Server build or release pipelines, you can test in the pipeline or in parallel. You can also stop the pipeline if security issues that violate your policy are found.
Veracode Ticketing Integrations
The Veracode defect-tracking integrations with Jira, Azure DevOps/TFS, Bugzilla, and CA Agile Central create defect tickets from Veracode findings. The integrations also update or close defects automatically after you retest your code.
Veracode GRC Integrations
Veracode provides native integration for RSA Archer to make it easier to understand which of your applications may be in violation of your corporate security policies and how quickly the organization is addressing issues.
Veracode WAF Integrations
Veracode works with you to build custom rules for web application firewalls (WAF) to block potential attacks against your web application.