{"type":"doc","content":[{"type":"layoutSection","content":[{"type":"layoutColumn","attrs":{"width":66.66},"content":[{"type":"paragraph","content":[{"text":"ModelOp Center seamlessly integrates with existing code scanning and security systems, such as Veracode, to allow enterprises to leverage existing IT investments.","type":"text"}]},{"type":"paragraph","content":[{"text":"Table of Contents","type":"text","marks":[{"type":"strong"}]}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"ff163f53-b5a6-4517-be43-f933de0c7607"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"f792d477-3757-4489-be5d-2d1e543bac5c"}}]},{"type":"layoutColumn","attrs":{"width":33.33},"content":[{"type":"paragraph"}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Introduction","type":"text"}]},{"type":"paragraph","content":[{"text":"ModelOp Center provides the ability to integrate with Veracode to enable automated code scanning of registered models within ModelOp Center","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Veracode Integration Setup","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Prerequisites","type":"text"}]},{"type":"paragraph","content":[{"text":"This guide assumes the following prerequisites:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Spring property ","type":"text"},{"text":"mlc.veracode-task-monitor.username","type":"text","marks":[{"type":"code"}]},{"text":" set with Veracode username","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Spring property ","type":"text"},{"text":"mlc.veracode-task-monitor.password","type":"text","marks":[{"type":"code"}]},{"text":" set with Veracode password","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Veracode process configured to be triggered from a Jenkins Job","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security","type":"text"}]},{"type":"paragraph","content":[{"text":"The Veracode SDK is used to authenticate and communicate with Veracode. The Veracode credentials can be configured via Spring properties through direct property configuration, kubernetes secrets, or using ","type":"text"},{"text":"Vault","type":"text","marks":[{"type":"link","attrs":{"href":"/wiki/spaces/dv30/pages/1670417947"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Task variables","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"APP_ID","type":"text","marks":[{"type":"code"}]},{"text":" - Veracode app id","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"SANDBOX_ID","type":"text","marks":[{"type":"code"}]},{"text":" - Veracode sandbox id (one of ","type":"text"},{"text":"SANDBOX_ID","type":"text","marks":[{"type":"code"}]},{"text":" or ","type":"text"},{"text":"SANDBOX_NAME","type":"text","marks":[{"type":"code"}]},{"text":" is required; ","type":"text"},{"text":"SANDBOX_ID","type":"text","marks":[{"type":"code"}]},{"text":" has priority)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"SANDBOX_NAME","type":"text","marks":[{"type":"code"}]},{"text":" - Veracode sandbox name (one of ","type":"text"},{"text":"SANDBOX_ID","type":"text","marks":[{"type":"code"}]},{"text":" or ","type":"text"},{"text":"SANDBOX_NAME","type":"text","marks":[{"type":"code"}]},{"text":" is required; ","type":"text"},{"text":"SANDBOX_ID","type":"text","marks":[{"type":"code"}]},{"text":" has priority)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"VERACODE_BUILD_ID_FROM_JENKINS","type":"text","marks":[{"type":"code"}]},{"text":" - the build id of the Jenkins process that initiated the Veracode build","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Optional Spring properties","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"http.proxyHost","type":"text","marks":[{"type":"code"}]},{"text":" is for a proxy host and defaults to null","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"http.proxyPort","type":"text","marks":[{"type":"code"}]},{"text":" is for a proxy port and defaults to null","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"mlc.veracode-task-monitor.poll-rate","type":"text","marks":[{"type":"code"}]},{"text":" specifies how often (in milliseconds) to check for Veracode tasks. The default is 5000 milliseconds","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Veracode Task","type":"text"}]},{"type":"paragraph","content":[{"text":"At a high level, Veracode integration begins shortly after the Veracode process is running. The integration will poll until a summary report is found or a timeout occurs. To get a summary report the Veracode task:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Retrieves a list of sandboxes for the ","type":"text"},{"text":"APP_ID","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Finds the sandbox matching the ","type":"text"},{"text":"SANDBOX_ID","type":"text","marks":[{"type":"code"}]},{"text":" or ","type":"text"},{"text":"SANDBOX_NAME","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Finds a list of builds matching the sandbox","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Finds the Veracode build matching the ","type":"text"},{"text":"VERACODE_BUILD_ID_FROM_JENKINS","type":"text","marks":[{"type":"code"}]}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Retrieves the summary report using the id from the matching Veracode build","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Saves the summary report to the ","type":"text"},{"text":"SUMMARY_REPORT","type":"text","marks":[{"type":"code"}]},{"text":" output parameter if a non-null policy compliance status is found","type":"text"}]}]}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":1},"content":[{"text":"Example MLC Integration with Veracode","type":"text"}]},{"type":"paragraph","content":[{"text":"The Veracode MLC integration occurs after the initial Jenkins job has completed and the Veracode job has been invoked. The task will wait until a summary report is found or a timeout occurs.","type":"text"}]},{"type":"paragraph","content":[{"text":"For example:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start"},"content":[{"type":"media","attrs":{"width":520,"id":"699cc9b8-c261-4086-9279-e73df7403fd4","collection":"contentId-1670417856","type":"file","height":158}}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":1},"content":[{"text":"Sample responses","type":"text"}]},{"type":"paragraph","content":[{"text":"This is a sample response for getting a list of sandboxes","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\n","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"This is a sample response for getting a list of builds","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n\n\t\n\t\n\t\n","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Finally, here is a sample summary report response","type":"text"}]},{"type":"codeBlock","content":[{"text":"\n\n\t\n\t\t\n\t\t\t\n\t\t\n\t\n\t\n\t\n\t\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\n\t\n\t\t\n\t\n","type":"text"}]},{"type":"paragraph"},{"type":"paragraph"},{"type":"layoutSection","content":[{"type":"layoutColumn","attrs":{"width":66.66},"content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Related Articles","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph"}]},{"type":"layoutColumn","attrs":{"width":33.33},"content":[{"type":"paragraph"}]}]}],"version":1}

Browser not supported