Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Veracode Vulnerability Integration Credential Validation

wsanders
Tera Contributor

3 weeks ago

I can install both Vulnerability Response and the Veracode Integration, but my API credentials do not work. I get Credential validation failed when I save and test my credentials.

0 Helpfuls
  • 373 Views
4 REPLIES 4

Tanushree Maiti
Kilo Patron

3 weeks ago

Can you confirm , you are using correct API Id and Key with proper option   as per 

ServiceNow documentation: Configure the Veracode Vulnerability Integration 

 

Can you  share the error.

 

 

 

 

Please mark this response as Helpful & Accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls

wsanders
Tera Contributor
In response to Tanushree Maiti

3 weeks ago

I've tried to share the error as an image, but it fails to connect to
hxxps://api[.]veracode[.]com/appsec/v1/applications 

 

When I step through the scripts execution in the script debugger in ServiceNow, I can see setConfiguration populating the correct values for the API ID and Key to provide to the function used by the app under configTempIGR > configs object.

I am noting the record changes at var util = new sn_vul_veracode.VeracodeConfigUtil() to a different value for the API key.

0 Helpfuls

wsanders
Tera Contributor

3 weeks ago

Hey, I am using the correct API Id and Key. I even tried it associated with the Veracode Platform administrator account.

 

wsanders_0-1775753636641.png


The system log shows 401.

Failed to validate Veracode credentials! Reason: Request not authorized (401): {"host":"api.veracode.com","path":"/appsec/v1/applications?size=50&page=0"}

 

If I take these credentials and call that endpoint via the Postman collection Veracode published to SwaggerHub, it works without issue.

0 Helpfuls

wsanders
Tera Contributor

3 weeks ago

Hey, I am using the correct API Id and Key. I even tried it associated with the Veracode Platform administrator account.

 

wsanders_0-1775753636641.png


The system log shows 401.

Failed to validate Veracode credentials! Reason: Request not authorized (401): {"host":"api.veracode.com","path":"/appsec/v1/applications?size=50&page=0"}

 

If I take these credentials and call that endpoint via the Postman collection Veracode published to SwaggerHub, it works without issue.

 

Looking at the scripts the integration calls, it shows that the HMAC header is present, so I'm uncertain as to why it fails to fetch.

0 Helpfuls