How to automate veracode scans


Hey I am looking to use a Jenkins pipeline to automatically run a Veracode application scan. I know how to launch the scan manually using a few sets of commands. I was just going to add these commands to a script and run them, but maybe there is a better way to do this? Something like this is over-engineered for my purposes: https://github.com/OLSPayments/veracode-scripts/blob/master/submitToVeracode.py.



BEST ANSWER

I figured out that it can be done through a Jenkins pipeline. Here is an example:

```groovy
pipeline {
    // "agent any-with-jdk8-maven-curl-unzip" is not valid declarative syntax;
    // a node label is the usual way to pick an agent that has JDK 8, Maven,
    // curl and unzip installed (the label name here is illustrative).
    agent { label 'jdk8-maven-curl-unzip' }
    stages {
        stage('Maven Build') {
            steps {
                sh 'mvn clean verify'
            }
        }
        stage('Veracode Pipeline Scan') {
            steps {
                sh 'curl -O https://downloads.veracode.com/securityscan/pipeline-scan-LATEST.zip'
                // -o overwrites a jar left over from a previous run instead of prompting
                sh 'unzip -o pipeline-scan-LATEST.zip pipeline-scan.jar'
                // Single-quoted Groovy string: the shell expands the variables, so the API
                // credentials (VERACODE_API_ID / VERACODE_API_SECRET, injected e.g. with
                // withCredentials) never pass through Groovy string interpolation, which
                // Jenkins flags as insecure. JOB_NAME, GIT_URL and GIT_COMMIT are exported
                // to the shell by Jenkins; CI_BASELINE_PATH and CI_TIMEOUT must be set by you.
                sh '''
                    java -jar pipeline-scan.jar \
                      --veracode_api_id "${VERACODE_API_ID}" \
                      --veracode_api_key "${VERACODE_API_SECRET}" \
                      --file "build/libs/sample.jar" \
                      --fail_on_severity="Very High, High" \
                      --fail_on_cwe="80" \
                      --baseline_file "${CI_BASELINE_PATH}" \
                      --timeout "${CI_TIMEOUT}" \
                      --project_name "${JOB_NAME}" \
                      --project_url "${GIT_URL}" \
                      --project_ref "${GIT_COMMIT}"
                '''
            }
        }
    }
    post {
        always {
            // The scanner writes results.json into the workspace; keep it with the build.
            archiveArtifacts artifacts: 'results.json', fingerprint: true
        }
    }
}
```

documentation: https://help.veracode.com/reader/tS9CaFwL4_lbIEWWomsJoA/G02kb80l3gTu_ygcuFODaw
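As an added illustration (not part of the answer above and not Veracode's own code), this script applies the same gate that `--fail_on_severity="Very High, High"` and `--fail_on_cwe="80"` express to an archived `results.json`, which is useful when reviewing the artifact the `post` step keeps. The field names (`findings`, integer `severity` 0-5, `cwe_id`, `files.source_file`) follow the pipeline scan's JSON output as I understand it and the sample findings are constructed; treat both as assumptions.

```python
import json
# Severity integers in pipeline-scan results as I understand them (assumption):
# 5 Very High, 4 High, 3 Medium, 2 Low, 1 Very Low, 0 Informational.
SEVERITY_NAMES = {5: "Very High", 4: "High", 3: "Medium",
                  2: "Low", 1: "Very Low", 0: "Informational"}
NAME_TO_SEVERITY = {name: num for num, name in SEVERITY_NAMES.items()}

# Constructed sample in the shape of results.json; the field names are an
# assumption about the scanner's output, not copied from a real scan.
SAMPLE_RESULTS = json.dumps({
    "scan_status": "SUCCESS",
    "findings": [
        {"issue_id": 1, "severity": 5, "cwe_id": "89", "issue_type": "SQL Injection",
         "files": {"source_file": {"file": "src/main/java/App.java", "line": 42}}},
        {"issue_id": 2, "severity": 3, "cwe_id": "80", "issue_type": "XSS",
         "files": {"source_file": {"file": "src/main/java/View.java", "line": 17}}},
        {"issue_id": 3, "severity": 2, "cwe_id": "117", "issue_type": "Log Injection",
         "files": {"source_file": {"file": "src/main/java/Log.java", "line": 9}}},
    ],
})

def parse_severity_list(spec):
    """'Very High, High' (the --fail_on_severity syntax) -> set of severity integers."""
    return {NAME_TO_SEVERITY[name.strip()] for name in spec.split(",") if name.strip()}

def parse_cwe_list(spec):
    """'80,89' (the --fail_on_cwe syntax) -> set of CWE id strings."""
    return {cwe.strip() for cwe in spec.split(",") if cwe.strip()}

def blocking_findings(results_text, fail_on_severity, fail_on_cwe):
    """Findings that would fail the build: severity in the list OR CWE in the list.
    A baseline file (--baseline_file) is not applied here."""
    severities = parse_severity_list(fail_on_severity)
    cwes = parse_cwe_list(fail_on_cwe)
    findings = json.loads(results_text).get("findings", [])
    return [f for f in findings
            if f.get("severity") in severities or str(f.get("cwe_id")) in cwes]

def describe(finding):
    """One-line summary: severity, CWE, issue type and source location."""
    src = finding.get("files", {}).get("source_file", {})
    return "%s CWE-%s %s (%s:%s)" % (SEVERITY_NAMES.get(finding.get("severity"), "?"),
                                     finding.get("cwe_id"), finding.get("issue_type"),
                                     src.get("file"), src.get("line"))

if __name__ == "__main__":
    hits = blocking_findings(SAMPLE_RESULTS, "Very High, High", "80")
    for h in hits:
        print(describe(h))
    raise SystemExit(1 if hits else 0)
```

Run it against a real `results.json` by replacing `SAMPLE_RESULTS` with the file's contents; a non-zero exit mirrors the scanner's own fail-on behaviour for the two flags.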