Veracode is an automated application security and remediation platform. It can be used to drive insights into dynamic (DAST), static (SAST), and software composition (SCA) analysis; all three are supported.
In order to connect Cortex to your Veracode instance, you’ll need to create a Secret Key, and add it along with its ID under Settings → Veracode. Additionally, you'll need to provide the region that your instance uses.
If you do not see the Settings page you're looking for in the sidebar, you likely don't have the proper permissions and need to contact your admin.
We route our requests through a static IP address. Reach out to support at email@example.com to receive details about our static IP. If you're unable to directly whitelist our static IP, you can route requests through a secondary proxy in your network that has this IP whitelisted, and have that proxy route traffic to your Veracode instance.
If you’re unable to expose your Veracode instance to be reachable by Cortex, you can set up a Custom Integration Webhook.
Specify the applications and/or sandboxes that Cortex should pull from by adding their names to the Cortex Service Descriptor.
If you need to override the automatic discovery, you can define the following block in your Cortex Catalog Descriptor.
```yaml
x-cortex-static-analysis:
  veracode:
    applicationNames:
      - My Application
      - Second Application
    sandboxes:
      - applicationName: My Application
        sandboxName: My Sandbox
      - applicationName: Second Application
        sandboxName: Second Sandbox
```
Please paste the application and sandbox names exactly as they appear in Veracode.