Mastering Comprehensive Testing: A Dive into Static, Container, and Dynamic End-to-End Strategies

Original Post: End to End Testing with Static, Container, and Dynamic…

This blog post examines the Veracode CLI tool, which runs on Windows, macOS, and Linux. Installation is straightforward, and once authenticated with a Veracode API ID and secret, the tool offers various functions across the Software Development Lifecycle (SDLC). Key steps include:

  1. Installation and Authentication: Installation is guided by documentation, followed by configuration with Veracode API credentials.
  2. Static Analysis: Packaging application code into deployment artifacts, which Veracode scans for vulnerabilities.
  3. Code Correction: Using Veracode Fix to address detected flaws; it provides solutions that can be applied and committed to source control.
  4. Container Security: Assessing Docker container images for vulnerabilities and issues, such as outdated components.
  5. Infrastructure as Code (IaC) Assessment: Scanning IaC files (e.g., CloudFormation templates) for security misconfigurations and vulnerabilities.
  6. Dynamic Analysis: Conducting DAST scans on running applications to identify vulnerabilities, with configurable severity thresholds for scan results.

The blog emphasizes the ease of integration and automation with the Veracode CLI for developers aiming to enhance security within their CI/CD pipelines.
