You can choose to display the results of a Veracode Static Analysis scan in Jenkins for freestyle or pipeline jobs.
Click the Veracode link in the left navigation pane or in the main summary to see the results details. The details page includes:
- Overall policy compliance status
- Policy name
- Policy rules:
  - Veracode Level
  - Static scan requirement
  - Static scan score
- Link to the Executive Summary page on the Veracode Platform
- Flaw count table (derived from the Veracode Detailed Report)
- Flaw trend chart (only against successful Jenkins builds)
If scans do not complete due to errors, the Jenkins build summary states that results are unavailable. The console output lists more information, including the cause of the error.
In master/slave Jenkins environments, the master returns the Veracode scan results and, therefore, must have access to the Veracode Platform. If there is no access to the Veracode Platform, the Jenkins build status is not affected.
If the organization associated with the Veracode Platform account is configured to provide Software Composition Analysis (SCA) results, the details page includes additional information related to the
- Number of blacklisted SCA components
- Highest found Common Vulnerability Scoring System (CVSS) score
- SCA vulnerability count table
- List of components added since the previous build