Develop Secure Software Faster
Integrate Veracode With Your Business

Integrate Application Security Into Your SDLC



Developers and security teams are both challenged to meet security goals in complex environments. Developers already need to manage many separate tools; new AppSec tools that do not integrate well or lack flexible APIs and customizable integrations are met with low adoption, high distraction and a steep learning curve.  Likewise, security teams often seek to protect against AppSec vulnerabilities with a web application firewall and are challenged to integrate risk data and program metrics across disconnected AppSec tools without manual effort. As more organizations move to DevOps and reap the automation and speed benefits, AppSec solutions need to keep up or risk being left behind.

Click boxes below to see more:

  1. CODE
  2. BUILD
  3. TEST
  4. DEPLOY
  5. OPERATE
Click below to see more :

Learn More AboutArrow

API & API WRAPPERS


Click logo to learn more:

  • Java
  • Integrations C#

TICKETING & BUG TRACKING


Click logo to learn more:

Integration Code Samples


Veracode's open APIs have enabled customers, partners, and end users to build integrations to other tools and systems to automate scanning with Veracode. These integrations are not supported by Veracode, but if your team is using one of these tools you may want to check these out. New code samples are developed by our customers and community members all the time, for a full list of available code samples, please visit the Veracode GitHub page

CI/CD Systems


Click logo to learn more:

GRC System


Click logo to learn more:

Web Application Firewalls


Click logo to learn more:

Developer IDE Plug-Ins


Click logo to learn more:

  • Eclipse
  • Intelli-J
  • Integration Visual Studio

Workflow & Orchestration Tools


Click logo to learn more:

 

SAML Solutions


Click logo to learn more:

  • OKTA
  • PingOne
  • SAML Integrations for Veracode Platform

Java API



Wraps Veracode Web API's, packaged and ready to be used in Java as a stand-alone command line tool or referenced as a Java library

 


C# API



Wraps Veracode Web API's, packaged and ready to be used in as a stand-alone command line tool or referenced as a .NET library

 


Bugzilla



Veracode's plugin for Bugzilla enables you to import the application flaws Veracode discovers into the Bugzilla defect tracking system.

 


Rally



The Veracode Integration for Rally provides systematic reporting of the security flaws found in Veracode scans and imports them as defects into Rally. This service automates the process of creating a defect with Rally based on the results of the latest Veracode scan.

 


Jira Integration (Server, Data Center, and Cloud Editions)



Veracode’s integration with Atlassian Jira enables you to manage Veracode security findings from within Jira. Veracode’s defect tracking integration with Jira can automatically create a defect for each new security finding with no buttons to push.


Micro Focus Application Lifecycle Management (ALM) Integration



Veracode’s plugin for the Micro Focus Application Lifecycle Manager (ALM) enables you to import into Micro Focus ALM all the flaws that Veracode finds in a Veracode Static Analysis or Veracode Dynamic Analysis scan.


Microsoft Visual Studio Integration



Veracode for Visual Studio Code finds security defects in your code and provides contextual remediation advice in seconds to help you fix issues directly in your editor. With Veracode for Visual Studio Code, find issues early, reduce development and remediation costs, and deploy quality code.

 


ThreadFix



Veracode integrates with ThreadFix to provide static analysis of proprietary and third party code and dynamic analysis for web applications.


Kenna Security



Veracode's plugin for Kenna Security enables you to import the application flaws Veracode discovers into the Kenna Security defect tracking system.

 


Jenkins



The Veracode integration for Jenkins contributes a "Post-Build" action that can be used to configure jobs to upload binaries to Veracode after a build is complete.


Microsoft Team Foundation Server



Veracode enables you to build software securely at the speed of DevOps, providing application security in development, the release pipeline, and production. The Veracode Team Foundation Server integrates the automated processes of Veracode Static Analysis and Veracode Software Composition Analysis, to deliver fast, repeatable results, into your DevOps workflows.

 


Azure DevOps



Veracode enables you to build software securely at the speed of DevOps, providing application security in development, the release pipeline, and production. The Veracode Azure DevOps extension integrates the automated processes of Veracode Static Analysis and Veracode Software Composition Analysis, to deliver fast, repeatable results, into your Azure DevOps workflows.

 


Bamboo



The Veracode Bamboo Integration seamlessly adds Veracode scanning into the existing build processes for your Software Development Life Cycle (SDLC).


Apache Ant



You can use Veracode APIs to integrate with your Ant build server to seamlessly integrate Veracode into the existing build processes that you use in your Software Development Life Cycle (SDLC).


Apache Maven



You can use Veracode APIs to integrate Veracode with your Maven build server. The integration seamlessly adds static scanning into the existing build processes that you use in your Software Development Life Cycle (SDLC).


CA Automic Continuous Delivery Director



This Veracode plug-in lets you run a dynamic security scan for a deployed Web application using CA Automic Continuous Delivery Director.


TeamCity



TeamCity is a continuous integration tool that developers use to automate and manage the build process. The Veracode TeamCity Plugin enables you to also scan your code with Veracode as part of the build process.


Gradle



The Veracode Gradle plugin allows you to automate the scanning of your Gradle repositories. The results of plugin scans can be optionally uploaded to Veracode Scan platform to a specific organization or to your personal environment


CircleCI



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with CircleCI.


Codeship



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with CodeShip.


Bitbucket



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with Bitbucket.


GitLab CI



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with GitLab CI.


TravisCI



Veracode integrates into the build process to prevent the delivery of insecure software to production. You can run Veracode scans inside your build and delivery workflow with TravisCI


Hygieia



Veracode integrates with Hygieia so you can bring your scan results from Jenkins into the Hygieia dashboard, so you can get your results where you want them.

  • Veracode Products Supported

    The Java API plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Java API plugin.

    Learn More

    To learn more including viewing install documentation, please visit the Java API page on the Veracode Community.

  • Veracode Products Supported

    The Bugzilla plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Bugzilla plugin.

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Bugzilla page on the Veracode Community.

  • Veracode Products Supported

    The Rally plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Integration Support Type

    Veracode maintains the Rally plugin.

    Learn More

    To learn more including viewing install documentation, please visit the Rally page on the Veracode Community.

 

  • Features

    • Automatically create new Jira tickets for Veracode security findings
    • Import all findings, or only those affecting policy — or chose from other import options
    • Get remediation guidance right in the ticket
    • Navigate with one click from the Jira ticket to the finding in the Veracode Platform
    • Update and close Jira tickets as findings are fixed or mitigated in the Veracode Platform
    • Assign tickets to the next fix version, specific developers, and more options available
    • Label tickets by CWE or flaw severity for easier ticket management
    • Set volume threshold to limit number of tickets imported
    • Import manually or on a schedule
    • Map Veracode info to Jira data fields
    • Check documentation for which features are supported for each edition
  • Veracode Products Supported

    The Jira plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Jira plugin.

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Jira page on the Veracode Community.

 

  • Veracode Products Supported

    The Micro Focus ALM plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Micro Focus ALM plugin.

    Learn More

    To learn more including viewing install documentation, please visit the Micro Focus ALM page on the Veracode Community.

  • Veracode Products Supported

    The Visual Studio plugin works with Veracode Static Analysis, Dynamic Analysis and Greenlight.

    Integration Support Type

    Veracode develops, supports and maintains the Visual Studio plugin.

    Learn More

    To learn more including viewing install documentation, instructional videos and more, please visit the Visual Studio page on the Veracode Community.

  • Veracode Products Supported

    The ThreadFix plugin works with Veracode Static Analysis, Veracode Software Composition Analysis and Veracode Dynamic Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the ThreadFix page on the Veracode Community.

 

  • Veracode Products Supported

    The Kenna Security plugin works with Veracode Static Analysis and Veracode Dynamic Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Kenna Security page on the Veracode Community.

 

  • Veracode Products Supported

    The Jenkins plugin works with Veracode Static Analysis, Veracode Dynamic Analysis, Veracode Software Composition Analysis, and Veracode Interactive Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Jenkins plugin.

    Learn More

    To learn more including viewing install documentation, please visit the Jenkins page on the Veracode Community.

 

  • Veracode Products Supported

    The Microsoft Team Foundation Server plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Microsoft Team Foundation Server plugin.

    Learn More

    To learn more including viewing install documentation, please visit the Microsoft Team Foundation Server page on the Veracode Community.

 

  • Veracode Products Supported

    The Azure DevOps plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Integration Support Type

    Veracode develops, supports and maintains the Azure DevOps plugin.

    Learn More

    To learn more including viewing install documentation, please visit the Azure DevOps page on the Veracode Community.

 

  • Veracode Products Supported

    The Bamboo plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Bamboo page on the Veracode Community.

 

  • Veracode Products Supported

    The Apache Ant plugin works with Veracode Static Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Apache Ant page on the Veracode Community.

 

  • Veracode Products Supported

    The Apache Maven plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Apache Maven page on the Veracode Community.

 

 

  • Veracode Products Supported

    The TeamCity plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Integration Support Type

    Veracode maintains the TeamCity plugin.

    Learn More

    To learn more including viewing install documentation, please visit the TeamCity page on the Veracode Community.

 

  • Veracode Products Supported

    The Gradle plugin works with Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Gradle page on the Veracode Community.

 

  • Veracode Products Supported

    The CircleCI plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the CircleCI page on the Veracode Community.

 

  • Veracode Products Supported

    The Codehship plugin works with Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Codehship page on the Veracode Community.

 

  • Veracode Products Supported

    The Bitbucket plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the Bitbucket page on the Veracode Community.

 

  • Veracode Products Supported

    The GitLab CI plugin works with Veracode Static Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the GitLab CI page on the Veracode Community.

 

  • Veracode Products Supported

    The TravisCI plugin works with Veracode Static Analysis and Veracode Software Composition Analysis.

    Learn More

    To learn more including viewing install documentation, please visit the TravisCI page on the Veracode Community.

 

 

Get A Demo

 

 

  • Integrate with Veracode's APIs

    Need to start Veracode scans or consume Veracode scan results from a different system? Just want to script the process to make it easier? Veracode provides web-native APIs that allow for full automation of the scanning lifecycle, consumption of results and even provisioning and maintenance of Veracode platform user accounts. And you can use a pre-built wrapper library for Java or .NET to include our APIs in your project. Veracode’s API customers have already integrated us into many additional SDLC, DevOps and GRC tools including Bamboo, Bugzilla, TeamCity, Ansible and Hygieia.

  • Integrate with an industry-leading solution that’s built for DevOps

    Unlike manual code reviews or penetration tests, Veracode Static Analysis and Veracode Software Composition Analysis are automated processes delivering fast, repeatable, low-noise results. When scanning entire applications in DevOps-friendly languages, more than 70 percent of scans complete in under an hour, and scans of microservices return more quickly. You can check for vulnerabilities in your open source components in the same scan, without requiring additional integration effort into your continuous integration pipeline. It’s all backed by the Veracode Application Security Platform, which has assessed over 2 trillion lines of code in 15 languages and 50 frameworks.