May 27, 2014

Secure Agile Q&A: API’s, IDE’s and Environment Integration


A few weeks back, I hosted a webinar called “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”, and in this webinar I discussed the importance of security testing and how to integrate it into the Agile SDLC. There were so many questions from our open discussion following the webinar that I have taken this time to follow up with them. Thank you to everyone who attended the live webinar, and now on to your questions:

Q: Can you upload non-compiled applications, from the IDE, using the IDE plugins? A: Yes, you can upload any kind of document through both the Eclipse and Visual Studio IDE plugins. It is also possible to create other plugins using our Integrations SDK.

Q: What other Continuous Integration tools do you have a plugin for? A: Veracode has the ability to integrate with several Continuous Integration environments. Our Jenkins Plug-In makes it easy to automate uploading to Veracode from your CI environment. In addition, Veracode provides APIs and how-to instructions for automating Veracode upload into Microsoft Team Foundation Server (TFS), Maven and Bamboo CI environments.

Q: Do you have any plugins for Visual Studio which can be integrated with Sandbox and JIRA? A: The current version of Visual Studio cannot be integrated with Sandbox, but we plan to provide this functionality in the near future. There is no specific integration between the Visual Studio plugin and JIRA. You can use the Visual Studio plugin to download scan results directly from the Veracode Platform.

Q: My company is a Microsoft shop - when will these tools be ready for Visual Studio/TFS environment? A: Instructions for integration of the Veracode service with Microsoft Team Foundation Server (TFS) are available today in the Veracode Online Help. We want to develop an end-to-end workflow that follows the process described in the webinar. The goal is to provide it in the second half of the year.

Q: Will you also be providing an IntelliJ IDEA integration SDK? A: At this point we do not have plans to provide a plugin for IntelliJ IDEA. The goal of the SDK is to assist with integration into environments that are not supported out of the box.

Q: Do you have a reference implementation using TeamCity instead of Jenkins? A: We do not have a reference implementation for TeamCity. We recommend using our API wrapper to integrate Veracode with TeamCity. Please see our Integrations SDK for more information.

This concludes this first round of Q&A from “Secure Agile Through Automated Toolchains: How Veracode R&D Does It”. Be sure to check out the on-demand webinar if you missed it, and come back here soon for more of this Q&A. While you wait for part two, you might also be interested in a webinar from my colleagues Chris Eng, Veracode’s VP of Research, and Senior Security Researcher Ryan O’Boyle, titled "Building Security Into the Agile SDLC: View from the Trenches". Chris and Ryan discuss how we’ve embedded security into our own Agile Scrum processes – to rapidly deliver new applications without exposing them to critical vulnerabilities. If you have any more questions regarding anything from the webinar, I would love to hear from you in the comments section below.

As Director of Developer Engagement, Pete provides customers with practical advice on how to successfully roll out developer-centric application security programs. Relying on more than 10 years of direct AppSec experience as both a developer and development leader, Pete provides information on best practices amassed from working with Veracode’s 1,000+ customers.

Pete joined Veracode in 2006 as a platform developer and was instrumental in delivering the first version of Veracode’s service to customers. Later, as Director of Platform Engineering, Pete managed the Agile teams responsible for delivering Veracode’s SaaS platform and built the first DevOps team.  Pete also spearheaded Veracode’s initiative to automate the use of Veracode products into the company’s development processes. Using this experience, he has spoken with hundreds of Veracode customers to help them set up similar programs.

Pete has more than 25 years’ experience developing software and has been developing web applications since 1996, including one of the first applications to be delivered through a web interface. 
