Veracode connectivity issues

[lothbrok2020]

Hi - I'm using this plugin in Release. When I enter valid Veracode credentials, I receive the below error. This also happens regardless of what I enter in the username and password field. The url im targeting is https://analysiscenter.veracode.com/. Also the VM im using has no network restrictions.

Can't connect to Veracode Server.

Exception: HTTP response code 401 (Unauthorized)

[silvatyrant]

I'm having exactly the same issue as @lothbrok2020. @t-j-f any ideas on what we're doing wrong here?

[magichome]

Let me see what I can figure out.

[silvatyrant]

Let me see what I can figure out.

Thanks, @magichome @t-j-f. Appreciate it!

[silvatyrant]

@magichome @t-j-f It seems I was using the tagged release version (1.1.1) which did not support HMAC (required to make a REST API call to the Veracode platform). I noticed that there was a tagged pre-release version (1.2.0) which makes allowance for the use of the vid and vkey (supporting HMAC), which I have subsequently loaded into XLR, but there is still an issue (I believe) with the requests package unable to locate the cacert.pem store (see screenshot attached).

[silvatyrant]

Managed to sort out the issue... So here goes...

Basically, my organisation decided it's smart to self-sign all their own root certs. And anything that trust chain is dependent on said certs. The certifi python package doesn't know anything about our CA certs so the trust chain "breaks" when XLR makes the call out to Veracode.

All that was required was for me to add the following line to my run.sh: export REQUESTS_CA_BUNDLE=${LocationToMyOrgsCustomCAStore}

After some digging, I found the answer in the xlr-jython-code-snippets documentation, here.

SORTED:

I don't know about @lothbrok2020, but this is no longer an issue for me. Consider mine "Resolved".

[magichome]

Great! Thanks for the update. I'll see about releasing 1.2.