v0.5 (nov 2016)
Veracode Automation CLI
Why?
▸ Automate Application Security Scans
▸ Embed security scans in CI
▸ Based on Jenkins build pipeline
▸ Leverage central AppSec skills and distributed (one per app) network of Security Champions
VERACODE CLI
Veracode CLI
▸ Based on existing official REST API
▸ Hosted on GitHub, released under Apache 2.0 license
▸ https://github.com/DinisCruz/veracode-api
▸ Created to improve productivity and to allow easy creation of scan scripts
▸ Provides easy access to apps, scans, builds and results
List existing applications and builds
Current scan status
Create app, upload file, trigger scan, download, delete app
JENKINS INTEGRATION
Product Jenkins job triggers scan (on code push)
Simple configuration
Jenkins job to Download reports
▸ Runs every x minutes (at the moment set to 15m)
Downloads reports that are ready, deletes app
Results stored in GitHub (pushed from Jenkins)
CONCURRENT SCANS
Scans
Thanks

Veracode Automation CLI (using Jenkins for SDL integration)