Veracode Pipeline Scan

You can use Veracode Pipeline Scan to evaluate the security of your applications using Veracode Static Analysis within a development pipeline.

Pipeline Scan embeds directly into development pipelines. You can configure scans to run based on various triggers, such as commits, merge requests, or code builds. You can also use it to break the build based on flaw severity and CWE category. By comparing current results with previous scans, you can identify new security flaws before releasing the application to production.
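The baseline comparison and build-breaking decision described above, sketched as an added example that is not Veracode's code or output format. The Finding fields, the fingerprint used to match findings across scans, the severity scale, and the sample data are all assumptions made for illustration.

```python
"""Added example: break a build only on new findings, by severity or CWE.
The record layout is a simplified, constructed one (an assumption), not a
real scanner's results format."""
from typing import NamedTuple


class Finding(NamedTuple):
    cwe_id: int      # CWE category number
    severity: int    # assumed scale: higher means more severe
    file: str
    function: str    # enclosing function, steadier than a line number


def fingerprint(f: Finding) -> tuple:
    # Line numbers shift on unrelated edits, so identity excludes them.
    return (f.cwe_id, f.file, f.function)


def new_findings(current, baseline):
    """Findings in the current scan with no counterpart in the baseline."""
    known = {fingerprint(b) for b in baseline}
    return [f for f in current if fingerprint(f) not in known]


def gate(current, baseline, min_severity=4, fail_on_cwe=frozenset()):
    """Return (exit_code, blocking). Only new findings can block the build."""
    blocking = [
        f for f in new_findings(current, baseline)
        if f.severity >= min_severity or f.cwe_id in fail_on_cwe
    ]
    return (1 if blocking else 0), blocking


# Constructed sample data: the previous scan, then the same scan plus three new flaws.
BASELINE = [
    Finding(89, 4, "app/db.py", "find_user"),
    Finding(117, 3, "app/log.py", "audit"),
]
CURRENT = BASELINE + [
    Finding(79, 3, "app/views.py", "render_profile"),   # new, blocked by CWE list
    Finding(78, 5, "app/jobs.py", "run_export"),        # new, blocked by severity
    Finding(327, 2, "app/crypto.py", "digest"),         # new, below both thresholds
]

if __name__ == "__main__":
    code, blocking = gate(CURRENT, BASELINE, min_severity=4, fail_on_cwe={79})
    for f in blocking:
        print(f"BLOCK CWE-{f.cwe_id} sev={f.severity} {f.file}:{f.function}")
    print("pipeline exit code:", code)
```

The existing severity-4 finding in the baseline does not fail the build here; only findings absent from the previous scan are considered.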

To add security testing to other CI/CD solutions, see the Veracode integrations. In the Veracode CLI, run a Pipeline Scan with the veracode static scan command.

Pipeline Scan does not support flaw mitigations or flaw matching. If you require these features, you can use security policies or development sandboxes to perform a Veracode Static Analysis of your applications.