Product
LET’S SCALE YOUR APPLICATION SECURITY BY AUTOMATING REPETITIVE, BUT NECESSARY TASKS

Our platform helps you run an effective application security pipeline without compromising on development speed.

View the Uleska Product

Pricing
GET STARTED WITH THE ULESKA PLATFORM TODAY FOR FREE.

Let’s start optimising your DevSecOps journey.

View Uleska Pricing

Resources
In-Depth Resources

View Uleska downloads and Case studies to understand how we have helped others

View Uleska Resources

BROWSE OUR BLOG

Browse our range of useful blogs and articles.

View Uleska Blog

Docs
Uleska Docs

All the information you need to know for Uleska documentation

View Uleska Docs

Search the Uleska site

    Sign in

    Open Mobile Menu Close Mobile Menu
    Product
    LET’S SCALE YOUR APPLICATION SECURITY BY AUTOMATING REPETITIVE, BUT NECESSARY TASKS

    Our platform helps you run an effective application security pipeline without compromising on development speed.

    View the Uleska Product

    Pricing
    GET STARTED WITH THE ULESKA PLATFORM TODAY FOR FREE.

    Let’s start optimising your DevSecOps journey.

    View Uleska Pricing

    Resources
    In-Depth Resources

    View Uleska downloads and Case studies to understand how we have helped others

    View Uleska Resources

    BROWSE OUR BLOG

    Browse our range of useful blogs and articles.

    View Uleska Blog

    Docs
    Uleska Docs

    All the information you need to know for Uleska documentation

    View Uleska Docs

    Veracode

    What is Veracode?

    Veracode is a commercial provider of software security testing tools, based in the cloud, that includes static code analysis, software composition analysis, and dynamic analysis of websites. Veracode are a partner of Uleska, and they provide an API to their online services to facilitate more automation of their testing in CI/CD cycles.

    To use Uleska with Veracode, you will need to have your own Veracode licenses. Contact Veracode for a discussion on their services and licenses, or you can contact Uleska (as a Veracode partner) for advice and help obtaining the right licenses for your company.

    Security Stage SAST, SCA, DAST (Static Code Analysis, Software Composition Analysis, Dynamic Analysis)
    Type Commercial
    Languages Most languages are covered (see https://help.veracode.com/r/r_supported_table )
    Site https://www.veracode.com/

     

    Pre-requisites

    1 You'll need a Git Address and/or URL to scan
    2 You'll need a Veracode License

     

    How do I set it up?

    You can use the Uleska Platform to runs various types of testing with Veracode and extract results. To configure, the first act is to setup a 'connection' for the Veracode server and API authentication you have created on the Veracode server (see https://help.veracode.com/r/admin_api for more details). We recommend you create a new API user specifically for Uleska, which will then give you the flexibility to control what Uleska can and cannot do in regards to API access and testing.

    Be aware that the same connection details can be used to run SAST/SCA (static code analysis/software composition analysis) testing through the Veracode platform, as well as DAST testing (dynamic analysis). You will configure the one connection profile for Veracode in the Uleska Platform, and then later configure which type of testing you wish to run at various stages in the pipeline.

    • To set up a 'connection', click on the 'Configuration' tab on the left hand side of the UI. If you do not have a 'Configuration' side, you may not have the role permissions to set this connection up, therefore speak to your administrator.
    • In the Configuration screen, click on the 'Connections' tab, and click on 'Add Connection'
    • This will let you configure different types of connections for various tools. Choose the 'Veracode' option in the top drop down box.
    • Enter the configuration details of the user ID you created in Veracode, and the associated API key:

    VeracodeConnection

    • Click Save

    • Now that you have your Veracode connection setup, click on the application you wish to add the tool for, and edit the version (stage) configuration.

    VeracodeEditStage

    • Depending on the type of testing you wish to perform with Veracode, you will setup the version to either have the information necessary for static analysis , or dynamic analysis.
    • Go to the 'Test Tools' tab and click 'Add Tool' for the 'Veracode' tool.

    VeracodeSetup

    • To configure the type of testing to run in this pipeline stage, and other configurations, click on the blue cog to setup. Here you can configure:
      • Application Name (if different from the Uleska configured app name)
      • Gateway Id (if running the Veracode DAST agent internally)
      • Endpoint Id (if running the Veracode DAST agent internally)
      • Authentication Type
      • Run SAST (includes both SAST and SCA scans)
      • Create Application (if necessary within the Veracode system for easy provisioning)
      • Run DAST
    • Click Save.

    Now any time you click 'Test Now' for that application stage of testing, or make a request over the Uleska API or CLI for that stage, the Uleska will start the Veracode scan for SAST/SCA, or DAST (as configured) and extract the subsequent results for the configuration application. Any results added to your vulnerabilities list.

    Notes

    None