Skip to main content

Integrate Application Security Into Your SDLC



Developers and security teams are both challenged to meet security goals in complex environments. Developers already need to manage many separate tools; new AppSec tools that do not integrate well or lack flexible APIs and customizable integrations are met with low adoption, high distraction and a steep learning curve.  Likewise, security teams often seek to protect against AppSec vulnerabilities with a web application firewall and are challenged to integrate risk data and program metrics across disconnected AppSec tools without manual effort. As more organizations move to DevOps and reap the automation and speed benefits, AppSec solutions need to keep up or risk being left behind.

 

Click boxes below to see more:

  1. CODE
  2. BUILD
  3. TEST
  4. DEPLOY
  5. OPERATE
Click below to see more :

Learn More AboutArrow

API & API WRAPPERS


Click logo to learn more:

  • Java
  • Integrations C#

TICKETING & BUG TRACKING


Click logo to learn more:

Integration Code Samples

 

Veracode's open APIs have enabled customers, partners, and end users to build integrations to other tools and systems to automate scanning with Veracode. These integrations are not supported by Veracode, but if your team is using one of these tools you may want to check these out. New code samples are developed by our customers and community members all the time, for a full list of available code samples, please visit the Veracode GitHub page

GRC System


Click logo to learn more:

Web Application Firewalls

 

Click logo to learn more:

Developer IDE Plug-Ins

 

Click logo to learn more:

  • Eclipse
  • Intelli-J
  • Visual Studio
  • Visual Studio Code

Workflow & Orchestration Tools

 

Click logo to learn more:

 

SAML Solutions

 

Click logo to learn more:

  • OKTA
  • PingOne
  • SAML Integrations for Veracode Platform

Java API



Wraps Veracode Web API's, packaged and ready to be used in Java as a stand-alone command line tool or referenced as a Java library

 


C# API



  • Wraps Veracode Web API's, packaged and ready to be used in as a stand-alone command line tool or referenced as a .NET library

    Learn More

    To learn more, please visit the C# API page on the Veracode Community.

 


Bugzilla



Veracode's plugin for Bugzilla enables you to import the application flaws Veracode discovers into the Bugzilla defect tracking system.

 


Rally



The Veracode Integration for Rally provides systematic reporting of the security flaws found in Veracode scans and imports them as defects into Rally. This service automates the process of creating a defect with Rally based on the results of the latest Veracode scan.

 


Jira Integration (Server, Data Center, and Cloud Editions)



Veracode’s integration with Atlassian Jira enables you to manage Veracode security findings from within Jira. Veracode’s defect tracking integration with Jira can automatically create a defect for each new security finding with no buttons to push.


ThreadFix



Veracode integrates with ThreadFix to provide static analysis of proprietary and third party code and dynamic analysis for web applications.


Kenna Security



Veracode's plugin for Kenna Security enables you to import the application flaws Veracode discovers into the Kenna Security defect tracking system.

 


Jenkins



The Veracode integration for Jenkins contributes a "Post-Build" action that can be used to configure jobs to upload binaries to Veracode after a build is complete.


Microsoft Team Foundation Server



Veracode enables you to build software securely at the speed of DevOps, providing application security in development, the release pipeline, and production. The Microsoft Team Foundation Server integrates the automated processes of Veracode Static Analysis and Veracode Software Composition Analysis, to deliver fast, repeatable results, into your DevOps workflows.

 


Azure DevOps



Veracode enables you to build software securely at the speed of DevOps, providing application security in development, the release pipeline, and production. The Veracode Azure DevOps extension integrates the automated processes of Veracode Static Analysis and Veracode Software Composition Analysis, to deliver fast, repeatable results, into your Azure DevOps workflows.

 


Bamboo



The Veracode Bamboo Integration seamlessly adds Veracode scanning into the existing build processes for your Software Development Life Cycle (SDLC).


Apache Ant



You can use Veracode APIs to integrate with your Ant build server to seamlessly integrate Veracode into the existing build processes that you use in your Software Development Life Cycle (SDLC).


Apache Maven



You can use Veracode APIs to integrate Veracode with your Maven build server. The integration seamlessly adds static scanning into the existing build processes that you use in your Software Development Life Cycle (SDLC).


TeamCity



TeamCity is a continuous integration tool that developers use to automate and manage the build process. The Veracode TeamCity Plugin enables you to also scan your code with Veracode as part of the build process.


Gradle



The Veracode Gradle plugin allows you to automate the scanning of your Gradle repositories. The results of plugin scans can be optionally uploaded to Veracode Scan platform to a specific organization or to your personal environment


CircleCI



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with CircleCI.


Codeship



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with CodeShip.


Bitbucket



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with Bitbucket.


GitLab CI



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with GitLab CI.


TravisCI



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with TravisCI


Hygieia



Veracode integrates with Hygieia so you can bring your scan results from Jenkins into the Hygieia dashboard, so you can get your results where you want them.


Eclipse



Veracode for Eclipse enables you to upload binaries to the Veracode Platform for static security analysis and work with the scan results from within the Eclipse IDE to provide easy and quick information about potential security flaws in your applications.


IntelliJ



Veracode for IntelliJ enables you to upload binaries to the Veracode Platform for static security analysis and work with the scan results from within IntelliJ IDEA to provide easy and quick information about potential security findings in your applications.


Visual Studio



Veracode for Visual Studio finds security defects in your code and provide contextual remediation advice in seconds to help you fix issues directly in your editor. With Veracode for Visual Studio, find issues early, reduce development and remedation costs, and deploy secure code. Veracode for Visual Studio enables you to upload binaries to the Veracode Platform for static security analysis and work with the scan results from within Visual Studio.


Visual Studio Code



Veracode for Visual Studio Code finds security defects in your code and provide contextual remediation advice in seconds to help you fix issues directly in your editor. With Veracode for Visual Studio Code, find issues early, reduce development and remediation costs, and deploy secure code. Veracode for Visual Studio enables you to upload binaries to the Veracode Platform for static security analysis and work with the scan results from within Visual Studio.

  • Veracode Products Supported

    The Visual Studio plugin works with Veracode Greenlight.

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Visual Studio Code page on the Veracode Community.


Okta



Veracode for Okta enables you to use SSO for sofware composition analysis scans and access the Veracode Platform, which allows you to revoke user access and create users on-demand

  • Veracode Products Supported

    The Okta plugin works with Veracode Software Composition Analysis and the Veracode Platform

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Okta page on the Veracode Community.


PingOne



Veracode for PingOne enables you to use SSO for sofware composition analysis scans and access the Veracode Platform, which allows you to revoke user access and create users on-demand.

  • Veracode Products Supported

    The PingOne plugin works with Veracode Software Composition Analysis and the Veracode Platform

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the PingOne page on the Veracode Community.


Veracode



The Veracode Platform supports single sign-on using the SAML 2.0 standard, which enables you to utilize your SSO after reaching out to the Veracode Technical Support team.

  • Veracode Products Supported

    This integration works with the Veracode Platform

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Veracode page on the Veracode Community.


Imperva



Veracode for Imperva enables you to export the vulnerabilities found in our dynamic analysis into the Imperva SecureSphere management console, where they can be converted into rules and uploaded to the WAF.

  • Veracode Products Supported

    The Imperva plugin works with Veracode Dynamic Analysis

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Imperva page on the Veracode Community.


ModSecurity



Veracode for ModSecurity enables you to equip your WAF with rules that attempt to block vulnerabilities identified in your dynamic analysis.

  • Veracode Products Supported

    The ModSecurity plugin works with Veracode Dynamic Analysis

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the ModSecurity page on the Veracode Community.


Automic Automation



Veracode for Automic Automation enables you to manage users, create summary reports, start scans, and create application profiles from within Automic Automation.

  • Veracode Products Supported

    The Java API plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Java API page on the Veracode Community.

 

  • Veracode Products Supported

    The Bugzilla plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Bugzilla page on the Veracode Community.

 

  • Veracode Products Supported

    The Rally plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Rally page on the Veracode Community.

 

  • Features

    • Automatically create new Jira tickets for Veracode security findings
    • Import all findings, or only those affecting policy — or chose from other import options
    • Get remediation guidance right in the ticket
    • Navigate with one click from the Jira ticket to the finding in the Veracode Platform
    • Update and close Jira tickets as findings are fixed or mitigated in the Veracode Platform
    • Assign tickets to the next fix version, specific developers, and more options available
    • Label tickets by CWE or flaw severity for easier ticket management
    • Set volume threshold to limit number of tickets imported
    • Import manually or on a schedule
    • Map Veracode info to Jira data fields
    • Check documentation for which features are supported for each edition
  • Veracode Products Supported

    The Jira plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Jira Server page on the Veracode Community.

    To learn more including viewing install documentation, instructional videos and more, please visit the Jira Cloud page on the Veracode Community.

 

  • Veracode Products Supported

    The ThreadFix plugin works with Veracode Static Analysis, Veracode Software Composition Analysis and Veracode Dynamic Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the ThreadFix page on the Veracode Community.

 

  • Veracode Products Supported

    The Kenna Security plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Kenna Security page on the Veracode Community.

 

  • Veracode Products Supported

    The Jenkins plugin works with Veracode Static Analysis, Veracode Dynamic Analysis, Veracode Software Composition Analysis, and Veracode Interactive Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Jenkins page on the Veracode Community.

 

  • Veracode Products Supported

    The Azure DevOps plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Azure DevOps page on the Veracode Community.

 

  • Veracode Products Supported

    The Bamboo plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Bamboo page on the Veracode Community.

 

  • Veracode Products Supported

    The Apache Ant plugin works with Veracode Static Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Apache Ant page on the Veracode Community.

 

  • Veracode Products Supported

    The Apache Maven plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Apache Maven page on the Veracode Community.

 

  • Veracode Products Supported

    The TeamCity plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the TeamCity page on the Veracode Community.

 

  • Veracode Products Supported

    The Gradle plugin works with Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Gradle page on the Veracode Community.

 

  • Veracode Products Supported

    The CircleCI plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the CircleCI page on the Veracode Community.

 

  • Veracode Products Supported

    The Codehship plugin works with Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Codehship page on the Veracode Community.

 

  • Veracode Products Supported

    The Bitbucket plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Bitbucket page on the Veracode Community.

 

  • Veracode Products Supported

    The GitLab CI plugin works with Veracode Static Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the GitLab CI page on the Veracode Community.

 

  • Veracode Products Supported

    The TravisCI plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the TravisCI page on the Veracode Community.

 

Get A Demo