Configuring Jenkins to Use the Veracode Jenkins Plugin

You can configure Jenkins to customize the integration of the Veracode Jenkins Plugin.

Click Manage Jenkins > Configure System and scroll down to the Veracode Jenkins Plugin section.

You can configure the following settings:
  • In the Veracode User Credentials fields, you can optionally enter a placeholder which the Credentials Binding plugin uses later. Configure this placeholder if you intend to use the binding plugin for freestyle, Domain Specific Language (DSL), or pipeline jobs where credential management is needed. This placeholder must have a leading dollar sign and be unique. Veracode recommends, for example, $veracode_username and $veracode_password.
  • Select the Fail Job checkbox to stop the build from completing in specific circumstances. If the process of uploading to Veracode does not succeed or if the Veracode scan fails, you have the option of stopping the build to prevent further processing time being spent on the build. Several conditions could cause a scan to fail, including network timeouts, incorrect credentials, or exceeding the maximum file size when uploading. The Fail Job option allows you to stop a build if either of these specific failures occurs:

    • During an upload and scan, an SCA scan or static scan fails a specified policy evaluation.
    • A dynamic rescan post-build action fails.

    The Fail Job selection is optional. However, this option can save you time and enable you to quickly troubleshoot build issues that are related to your Veracode scan.

  • In the Copy Output Remote Files to Master section:
    • If you want to build and upload code to Veracode from a remote machine, make sure the Copy Output Remote Files to Master checkbox is unselected.
      Note: Jenkins uses the term node to refer to a remote machine.

      If you do not copy the files to master, the Veracode Jenkins Plugin copies the Veracode Java wrapper library JAR files to the veracode-jenkins-plugin directory in the remote root directory.

      The Java wrapper CLI executes from the remote machine to upload and scan the output code generated by a build.

    • If you build only on a remote machine and copy the output files from the remote machine to master for uploading to Veracode, select the Copy Output Remote Files to Master checkbox. Veracode does not recommend this option.
  • In the Default Values field, you can configure the following Jenkins server environment-type variables for global application to all Jenkins jobs:
    • $projectname, which changes the new Veracode application name to the Jenkins server project name. You can overwrite this value within the individual Jenkins project settings page in the Veracode options section.

    • Jenkins server workspace path and IP address.

    • $buildnumber, which changes to the Veracode default scan name.

  • Select the Run in debug mode option to enable the collection of detailed information about Veracode scans. This data is stored in the console log of each individual Jenkins project.
  • If you intend to connect using a proxy, select the Connect using a proxy option and provide the specific host, port, username and password settings for global use in Jenkins.
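
The following pipeline shows how the recommended placeholder names from the Veracode User Credentials setting line up with a Credentials Binding block. It is an added example, not code from Veracode's documentation. The credentials ID, agent label, build command, and the veracode step's parameter names (including vuser and vpassword) are assumptions; confirm the step parameters with the Pipeline Syntax snippet generator for your plugin version.

```groovy
// Added example. Assumed values: credentials ID 'veracode-credentials',
// agent label 'build-node', the Maven build command, the upload pattern,
// and the parameter names passed to the veracode step.
pipeline {
    agent { label 'build-node' }

    stages {
        stage('Build') {
            steps {
                sh 'mvn -B -DskipTests package'
            }
        }

        stage('Veracode upload and scan') {
            steps {
                // The variable names match the global placeholders
                // $veracode_username and $veracode_password (without the
                // leading dollar sign). Credentials Binding exposes them only
                // inside this block and masks their values in the console log.
                withCredentials([usernamePassword(
                        credentialsId: 'veracode-credentials',
                        usernameVariable: 'veracode_username',
                        passwordVariable: 'veracode_password')]) {
                    veracode(
                        applicationName: env.JOB_NAME,
                        criticality: 'VeryHigh',
                        scanName: env.BUILD_NUMBER,
                        uploadIncludesPattern: 'target/*.war',
                        // Read the bound values from the environment rather
                        // than interpolating them into a Groovy string.
                        vuser: env.veracode_username,
                        vpassword: env.veracode_password
                    )
                }
            }
        }
    }
}
```

Store the account as a Username with password credential in the Jenkins credentials store so that the job definition itself never contains the secret.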