Installing and Using the Veracode TFS XAML Build Integration

Build Systems

Integration with Visual Studio Team Foundation Server enables Veracode users to upload binaries to Veracode directly from their TFS server. This integration supports TFS 2012 and 2013.

As a prerequisite before integrating Veracode with your Team Foundation Server, you must first prepare your application with the required debug symbols. Veracode recommends that you use the Veracode Visual Studio Extension, which also prepares web projects, if your project contains them. You can also use this XAML build integration to automate the build of your application by creating an MSBuild script.

To integrate with TFS, you can use this procedure, which uses the Veracode build activity files. Alternatively, you can use the API suite provided in the Veracode C# API wrapper to integrate Veracode with TFS.

The major steps involved in the build activity integration include:
  • Make VeracodeTFSActivity.dll available to Visual Studio
  • Connect to the TFS Server using Visual Studio and create a copy of an existing build process template
  • Modify the build process template
  • Check in the modified build process template
  • Check in VeracodeTFSActivity.dll and VeracodeC#API.exe
  • Create a build definition
  • Test the integration

Make the Veracode DLL Available

Your TFS build process template must reference the Veracode TFS build activity.
  1. Download the VeracodeTFSActivity.dll from
  2. Close Visual Studio and copy the VeracodeTFSActivity.dll to the PublicAssemblies folder in the Visual Studio installation directory. For example,
    • For Visual Studio 2012: c:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PublicAssemblies
    • For Visual Studio 2013: c:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PublicAssemblies

Connect to the TFS Server and Copy Existing Build Process Template

The next step is to connect to the TFS server.
  1. Restart Visual Studio.
  2. In the Team menu, select Connect to Team Foundation Server.
  3. From the Team Explorer menu, click the Home icon and select Pending Changes > Actions > Open Source Control Explorer.

  4. In the Source Control Explorer, go to your BuildProcessTemplates directory and select an existing build process template.
  5. Right-click on the template and select Branching and Merging > Branch.
  6. In the Target field, enter a name of the copy of the build process template and click OK.

The new template appears in the Source Control Explorer window.

Modify the Build Process Template

The next step is to modify the build process template by adding the Veracode UploadAndScan Activity element to the Toolbox.
  1. In the Source Control Explorer, double-click the new template you just created to open it in the TFS Workflow Designer.
  2. Open View > Toolbox.
  3. You can add the element in any of the Toolbox tabs or you can create a new custom tab by right-clicking anywhere in the Toolbox and selecting Add Tab.
  4. Select either an existing tab or your new tab if you created one, right-click and select Choose Items....
  5. In the System.Activities Components tab, browse to the location where you downloaded the VeracodeTFSActivity.dll file and click OK. The .dll file is now in the Toolbox.

You now need to add a reference to the Veracode TFS build activity.
  1. Drag and drop the UploadAndScan item onto your .xaml workflow.

    If you are using a copy of the default build process template, add the Veracode TFS build activity inside the Run On Agent activity, after the activity that compiles the code.

  2. In the Veracode Credentials section, select the type and values of credentials: Username/Password or ID/Key.
  3. Specify the path to the binaries directory. By default, the Filepath property references the BinariesDirectory variable. If the BinariesDirectory variable is not available, click Add in the Upload and Scan Parameters window to add it to your workflow.

    The filepath to the binaries directory can have subdirectories that contain uploadable modules. Therefore, modules available for scanning can be in the specified folder as well as in subdirectories within that folder.

    The Error List should indicate that the Username and Password arguments are missing.

  4. In either the Upload and Scan Parameters or Properties, enter the Visual Basic expressions that retrieve your Veracode credentials.
    Such expressions could be calls to methods that read text data from a secure location on your build agent machine(s). For example:
    • System.IO.File.ReadAllText(“path/to/doc.txt”)
    • System.IO.File.ReadAllLines(“path/to/doc.txt”)(0)
      Note: Because values passed to the activity are hard-coded in the build process template file, which needs to be available to users who want to reference it from their build definitions, you should not enter credentials as literal string expressions.

Check in the Modified Build Process Template

The next step is to check in your build process template you that you modified.
  1. In Source Control Explorer, right-click the build process template you want to check in and select Check In Pending Changes.
  2. In Team Explorer, click Check In.

Check in Veracode Files

The next step is to check in VeracodeTFSActivity.dll and VeracodeC#API.exe.
  1. In Source Control Explorer, in the CustomAssemblies folder, right-click somewhere in the right table, select Add items to Folder…, select VeracodeTFSActivity.dll and VeracodeC#API.exe and click Finish.
  2. Select the VeracodeTFSActivity.dll and VeracodeC#API.exe files again, right-click and select Check In Pending Changes.
  3. In Team Explorer, click Check In.

Create a Build Definition

The parameters in the build definition decide the behavior of the Team Foundation build.
  1. In Team Explorer window, select Home > Builds > New Build Definition.
  2. In Build Definition, click Process and under Build process template, click Show details and then New.
  3. Click Select an existing XAML file.
  4. Click Browse and locate the build process template that you checked in.

  5. In the Required section, select the items you want to build. Optionally, change Logging Verbosity from Normal to Diagnostic.
  6. In the Veracode section, provide an application name and a scan name in the respective fields. Your values can reference TFS build environment variables.
  7. Save the build definition.

Submit a Build Definition

The final step is to test your work by submitting a build request and reviewing the log output.
  1. In Team Explorer, expand All Build Definitions, right-click the build definition you created and select Queue New Build… If necessary, select a different build controller and click Queue.
  2. To view output text associated with the Veracode TFS Build Activity, open Team Explorer, right-click on the build request you submitted and select View Log.
  3. Scroll down to the Upload and Scan with Veracode section to check the output.