Configuring a TeamCity Project for Veracode Scans

Build Systems

After installing the Veracode TeamCity Plugin, you can configure TeamCity jobs to upload binaries to Veracode for scanning. You scan with Veracode, you use your same TeamCity build process, adding an additional build step for the Veracode parameters.

To configure a job to scan with Veracode:
  1. Open the project to which you want to apply the Veracode settings.
  2. Click Edit Configuration Settings in the top-right corner.
  3. In Build Steps, click Add Build Step.
  4. In the Runner Type dropdown menu, select Upload and Scan with Veracode.
  5. In the Application Name field, enter the name of the application you want Veracode to scan.
  6. Optionally, select Create New if this application does not already exist in the Veracode Platform and you want TeamCity to create one.
  7. If applicable, enter the name of the team associated with the scan. To enter more than one team, use a comma-separated list.
  8. From the Business Criticality menu, select the level of criticality of this application.
  9. In the Sandbox Name field, enter the name of the sandbox in which you want to run the scan as a sandbox scan.
  10. Select the Create Sandbox checkbox if the sandbox does not already exist in the Veracode Platform, but is a new sandbox you want TeamCity to create.
  11. In the Scan Name field, enter a name for the static scan you want to submit to the Veracode Platform for this application.
  12. In the Upload field, you can include and exclude filepath patterns of the files you want to upload and scan. Use a comma-separated list of ant-style include patterns relative to the job workspace project name (that you entered in the Project Name field).
  13. In the Scan field, you can include and exclude filename patterns of the uploaded files you want to scan as top-level modules. Use a comma-separated list of ant-style include patterns with only the filenames of the files you have uploaded, not the filepaths.
  14. Optionally, you can rename the files you are uploading by entering the filename pattern of the uploaded files that you want to rename. You must also enter the replacement filename pattern that represents the groups captured by the filename pattern.
  15. Select the Wait for scan to complete checkbox if you want the TeamCity build to wait for the Veracode scan to complete. Enter the timeout period (in minutes) that you want TeamCity to wait. A Veracode policy scan fails, regardless of whether it completes or not, if it does not meet the requirements of the associated policy.
  16. In the Veracode User Credentials section, you have two options for entering either a username/password or ID/key combination:
    • In the username and password or ID and key fields, you can enter the variables to which you bound your credentials ($veracode_username, $veracode_password). If you already provided these credentials in the Veracode administration page, select the Use global Veracode user credentials checkbox. Any credentials you provide in the Veracode User Credentials section override any global credentials you have saved.
    • Optionally, if you want to use both username and password and an ID and key, you can add more credentials and bind them to $veracode_id and $veracode_key, and then use these variables as well as the $veracode_username and $veracode_password variables.
  17. From the Type dropdown menu, select ID/Key.
  18. Enter your Veracode API ID and key. If you provided these credentials on the Veracode administration page, select the Use global Veracode user credentials checkbox. Any credentials you provide here override any global credentials you have saved.
  19. Click Save.
  20. Review all the build steps and click Run.


You can click the blue ? icons in the field names to see more information.