Veracode integration in BMC Compuware Topaz Workbench


Veracode, together with BMC Compuware Topaz Workbench, provides application security for the mainframe. Integrating the Veracode Eclipse plugin with BMC Compuware Topaz Workbench helps organizations discover security risks in mainframe applications early in the development lifecycle. You edit and debug code in the Topaz Workbench IDE, and then run the Veracode IDE Scan to identify vulnerabilities in the code you have written. The Veracode solution supports all types of application code along with COBOL.

Installing the Veracode plugin into Topaz Workbench

Before installing the Veracode plugin you need to perform the following steps:

  1. Log in to the Veracode Platform.

    Important

    If you do not have access to the Veracode Platform, email contact@veracode.com with the subject line BMC's Topaz IDE Credential Request. If your request is approved, you will receive the access credentials information.

  2. From the user account dropdown, select API Credentials.
  3. Click Generate API Credentials.
  4. Copy the ID and secret key to a secure place. Veracode recommends storing your credentials in an API credentials file.
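
The following added example is not part of the original page or of Veracode's tooling. It writes an API credentials file with owner-only permissions and audits an existing one, assuming the layout Veracode documents for that file (a `[default]` profile holding `veracode_api_key_id` and `veracode_api_key_secret`, normally at `~/.veracode/credentials`), which this page does not show. The function names and the placeholder values are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile
from pathlib import Path

REQUIRED_KEYS = ("veracode_api_key_id", "veracode_api_key_secret")


def write_credentials(path: Path, key_id: str, key_secret: str) -> None:
    """Create the credentials file readable and writable by the owner only."""
    path.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    # O_EXCL refuses to overwrite an existing file; mode 0o600 applies at creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"[default]\nveracode_api_key_id = {key_id}\n"
                 f"veracode_api_key_secret = {key_secret}\n")


def audit_credentials(path: Path, profile: str = "default") -> list:
    """Return the problems found; an empty list means the file looks sound."""
    if not path.is_file():
        return [f"{path} does not exist"]
    problems = []
    # POSIX only: any group/other permission bit exposes the secret key.
    if os.name == "posix" and stat.S_IMODE(path.stat().st_mode) & 0o077:
        problems.append("file is accessible to group or other users")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read(path)
    except configparser.Error as exc:
        return problems + [f"not a valid INI file: {exc.__class__.__name__}"]
    for key in REQUIRED_KEYS:
        # fallback="" also covers a missing profile section.
        if not parser.get(profile, key, fallback="").strip():
            problems.append(f"{key} is missing or empty in [{profile}]")
    return problems


def demo() -> tuple:
    """Write a constructed file, audit it, loosen its mode, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".veracode" / "credentials"
        write_credentials(path, "EXAMPLE_ID_PLACEHOLDER", "EXAMPLE_SECRET_PLACEHOLDER")
        good = audit_credentials(path)
        path.chmod(0o644)  # simulate a file left world-readable
        return good, audit_credentials(path)


if __name__ == "__main__":
    print(demo())
```

The permission check applies on POSIX systems only; on Windows, restrict the file through its ACL instead.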

To install the Veracode plugin

  1. Click the Help menu and select Install New Software...
    The Available Software window is displayed.

  2. Click Add. The Add Repository window is displayed.
  3. In the Add Repository window, in the Name field, enter Veracode and, in the Location field, enter https://tools.veracode.com/integrations/Eclipse/update and click Add.

  4. Select the checkbox next to the plugin and click Next.
    If the Veracode checkbox does not appear, clear the Group items by category checkbox.

  5. Click Next.

  6. Read and accept the terms of the License Agreement and click Finish.
  7. When prompted, restart Eclipse.

To use the scan feature of Veracode

  1. In the Topaz Workbench application, click Veracode and select Upload and Scan. The Create Scan dialog box is displayed.
  2. In the Scan Name field, enter the desired name for your scan and click Create.

    The Upload and Scan dialog box lists the available Eclipse projects.

  3. In the Output File section, click the three dots to launch File Explorer to upload the source code file.
  4. Select the source code file you want to upload and click Open. To upload multiple source code files, click Add and upload them as a .zip file.
  5. Click Upload to add the files for scanning. The File Upload dialog box is displayed.

  6. In the File Upload dialog box, click Yes to continue the file upload.

  7. A confirmation message is displayed to begin a prescan. Click Yes to continue.

  8. A confirmation message is displayed about the number of files uploaded. Click OK to continue.

  9. Click Yes to begin the scan once the pre-scan is completed.

  10. Click OK to continue the pre-scan.

  11. Click Close to close the Upload and Scan dialog box.

You will receive scan updates by email. Once the scan is complete, you can click the hyperlink in the email to access the results.

To download the scan result

  1. In the Topaz Workbench application, click Veracode and select Download Results.
    The Download Results dialog box is displayed.
  2. In the Application field, enter the name that you entered for your scan and click Download.


    The Veracode results view is opened in Topaz Workbench.

BMC Compuware Integration with Veracode

 
