What is Veracode?
Veracode is an application security platform. It includes Veracode Static Analysis, which provides automated feedback to your developers in the IDE and CI/CD pipeline; Veracode Dynamic Analysis, which scans runtime applications; and Veracode Software Composition Analysis (SCA), which identifies risks from open-source libraries.
Why Should You Use the Veracode Connector?
The Veracode connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Lucidum executes read-only requests to the Veracode REST API and ingests only metadata about Veracode devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum
Field | Description | Example |
---|---|---|
URL | The URL for the Veracode API. | https://api.veracode.com |
Client ID | Client ID for a Veracode account with read access. | ************ |
Client Secret | The client secret for the Veracode account. | ************ |
Verify SSL | For future use. | N/A |
Source Documentation
Creating Credentials
Contact your Lucidum Sales Representative for help with creating credentials.
https://docs.veracode.com/r/t_create_api_creds
- Log in to the Veracode Platform.
- From the user account dropdown menu, select API Credentials.
- Click Generate API Credentials.
- Copy the client ID and secret key to a secure place. The creation of new credentials revokes any old credentials after 24 hours.
Required Permissions
Contact your Lucidum Sales Representative for help with permissions.
- Read access for applications
- Read access for Findings
https://docs.veracode.com/r/c_API_roles
API Documentation
https://docs.veracode.com/r/c_rest_intro