What is Veracode?
Veracode is a commercial, cloud-based provider of software security testing tools, including static code analysis, software composition analysis, and dynamic analysis of websites. Veracode is a partner of Uleska, and provides an API to its online services to facilitate more automation of its testing in CI/CD cycles.
To use Uleska with Veracode, you will need to have your own Veracode licenses. Contact Veracode for a discussion on their services and licenses, or you can contact Uleska (as a Veracode partner) for advice and help obtaining the right licenses for your company.
|Security Stage||SAST, SCA, DAST (Static Code Analysis, Software Composition Analysis, Dynamic Analysis)|
|Languages||Most languages are covered (see https://help.veracode.com/r/r_supported_table )|
|1||You'll need a Git Address and/or URL to scan|
|2||You'll need a Veracode License|
How do I set it up?
You can use the Uleska Platform to run various types of testing with Veracode and extract the results. To configure this, the first step is to set up a 'connection' for the Veracode server and the API authentication you have created on the Veracode server (see https://help.veracode.com/r/admin_api for more details). We recommend you create a new API user specifically for Uleska, which gives you the flexibility to control what Uleska can and cannot do with regard to API access and testing.
Be aware that the same connection details can be used to run SAST/SCA (static code analysis/software composition analysis) testing through the Veracode platform, as well as DAST testing (dynamic analysis). You configure a single connection profile for Veracode in the Uleska Platform, and then later configure which type of testing you wish to run at various stages in the pipeline.
Now that you have your Veracode connection set up, click on the application you wish to add the tool to, and edit the version (stage) configuration.
Now, any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Uleska Platform will start the Veracode scan for SAST/SCA or DAST (as configured) and extract the subsequent results for the configured application. Any results are added to your vulnerabilities list.