Submitting an Application to Veracode

Build Systems

The Veracode Bamboo Integration enables you to submit applications from your Bamboo environment to Veracode using the Veracode API wrapper. The following example demonstrates how to submit a Java or .NET application.

Before you begin

Before you can submit an application to Veracode using the Veracode Bamboo Integration, you must:
  • Have either a human Veracode account with the Creator role or a non-human customer API account with the Upload API role.
  • Properly compile the application according to the instructions in the compilation guide.
  • Define Java and a zip utility, such as WinZip, as executables in your Bamboo Administration account.
  • Install the Veracode Java API wrapper on your Bamboo server.
  • Configure Bamboo to be able to run Maven projects.

About this task

After you successfully create and run your plan in Bamboo, you can submit your application to Veracode for scanning. To submit an application to Veracode:

Procedure

  1. Open Bamboo and navigate to the plan you created for your application.
  2. From the plan configuration, select a job and click the Tasks tab.
  3. From the Tasks page, click Add task.
  4. In the Task description field, explain that this command uploads the application to Veracode.
  5. From the Executable dropdown menu, select Java.
  6. In the Argument field, enter an argument with the following parameters:
    • vuser - Veracode Platform username.
    • vpassword - Veracode Platform password.
    • action - Name of the action performed. Enter uploadandscan.
    • appname - Name of the application.
    • createprofile - Specifies that the API should create an application profile if one does not exist for the indicated application name.
    • createsandbox - Optional. Creates a sandbox for this application.
    • sandboxname - Optional. Name of the sandbox in which you want the scan to build.
    • filepath - Filepath of the files you want to upload to the Veracode Platform for scanning. By default, Veracode uploads all the subdirectories and files of this filepath.
    • version - Name or version of the build you want to scan.
    For example:
    -jar C:\<JavaWrapper_HomeFolder>\VeracodeJavaAPI.jar -vuser
    ${bamboo.VCuser} -vpassword ${bamboo.VCpassword} -action uploadandscan
    -appname <Your_Application_Name> -createprofile true -createsandbox true
    -sandboxname ${bamboo.shortPlanName} -filepath
    ${bamboo.build.working.directory}/*.<FileExtensionForCompiledApplication> -version
    ${bamboo.buildNumber}


  7. Review your configurations and click Save.