Run the Veracode Integration for CA Agile Central

Ticketing Systems

After you have completed the necessary configurations, you can use the Veracode Integration for CA Agile Central to import the flaws found in Veracode scans into CA Agile Central as defects and update the flaws in the Veracode Platform with the mitigation actions assigned in CA Agile Central.

About this task

Veracode recommends that you run the integration after every Veracode scan you perform for a particular application. To run the integration:

Procedure

  1. Open a command prompt and stop the integration if it is running.
    Note: If you are using Windows, you can press Ctrl+C to accomplish this.
  2. You can deploy the integration to initiate a one-time import, which is typically executed by a build server, or you can deploy the integration to import according to a scheduler.
    • To deploy the integration for a one-time import, enter the following command:
      java -jar veracode-agilecentral-integration.jar --RESOURCE_PATH="C:\\path\\to\\root\\folder\\" --SyncOnStartup=true
    • To deploy the integration to import according to a scheduler, enter the following command:
      java -jar -Dspring.profiles.active=schedule veracode-agilecentral-integration.jar --RESOURCE_PATH="C:\\path\\to\\root\\folder\\"
      Note: If you deploy in this way, the flaw import process initiates once every four hours by default. To change the frequency, you must update the scheduler.properties file in the root folder. See the Quartz documentation for information about updating the scheduler properties.
    After the import completes, the Veracode findings appear on the Defects summary page for your project in CA Agile Central.