There are several ways to provide authentication credentials so Veracode can scan your application.
- This method is selected by default as it is the common method for most applications, including simple login forms that have a username, password, and login button. Auto-login also works for browser-generated logins, such as basic authentication and NTLMv2. For NTLMv2, you can include the NetBIOS domain separated from the username with a backslash, for example, DOMAIN\username. You can combine auto-login authentication with basic authentication.
- Login Script
- If your application uses a customized or complex form for its login, you can add login script authentication to auto-login authentication.
- Record and upload a login sequence that Veracode uses to automatically log in to your application. Use this method for multi-step login sequences that contain one or more authentication methods, such as username, password, and PIN. You can also combine login script authentication with basic authentication.
- If you use login script authentication and have uploaded a login script,
you can download it at any time to verify its information. Go to the Dynamic
Analysis Summary page and click on the URL that has the login script. In the URL
Configuration section, click the link in the Login Script field to download the
- Client Certificate
- If you want to scan an application that requires a certificate, you upload the
certificate and associated password to enable Veracode to access that application. The
certificate file must be in the PFX or P12 format.
- Basic Authentication (Browser-generated)
- The basic authentication method provides information for a site that uses basic or browser-generated authentication where the browser prompts you for credentials in its own pop-up window. Enter the username and password you want Veracode to use. Optionally, you can enter the domain name. You can use this method alone or in combination with the auto-login or login script methods.