I have binary artifacts available in a Release repository in Nexus. We need to upload those artifacts from Nexus to Veracode for static code analysis.

So, what's the best (or any reasonable) way to upload build artifacts to Veracode from a Nexus repository, with or without Maven? "bash + curl" would be great, or even a Python script?

Ankur1825

2 Answers

All artifacts in a Maven repository are available for download via normal HTTP requests. So any scripting language including bash + curl or wget will work just fine. That includes Python and any other language with HTTP support (basically any).

What the best solution is will largely depend on what you are familiar with and what works well with Veracode. Keep in mind that static code analysis might have to use the source artifacts rather than the binary outputs.

You might also want to check out what you can get from Nexus Lifecycle, Nexus Auditor or Nexus Firewall in terms of binary component analysis.

Manfred Moser
  • I think he means something similar like Fortify (security scans) etc. (http://www.veracode.com/products/static-analysis-sast/static-code-analysis)... – khmarbaise Dec 31 '15 at 11:19
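
The plain-HTTP download described in the answer above, as an added example that is not part of the original thread: it maps Maven coordinates to the repository path, fetches the artifact with curl, and checks it against the `.sha1` sidecar before it is handed to a scanner. `NEXUS_BASE` and the host name are constructed placeholders, and the script assumes a standard Maven 2 layout with `.sha1` files published next to each artifact.

```shell
#!/usr/bin/env bash
# Added example. NEXUS_BASE is a constructed placeholder, not a real server.
NEXUS_BASE="${NEXUS_BASE:-https://nexus.example.com/repository/releases}"

# Maven 2 layout: group/with/slashes/artifact/version/artifact-version.packaging
gav_to_path() {
  local group="$1" artifact="$2" version="$3" packaging="${4:-jar}"
  printf '%s/%s/%s/%s-%s.%s\n' "$(printf '%s' "$group" | tr . /)" \
    "$artifact" "$version" "$artifact" "$version" "$packaging"
}

# Compare a file's SHA-1 with its .sha1 sidecar (first field, any case).
# The sidecar comes from the same server, so this catches truncated or
# corrupted transfers, not a compromised repository.
verify_sha1() {
  local file="$1" sidecar="$2" expected actual
  [ -s "$file" ] && [ -s "$sidecar" ] || return 2
  expected="$(awk 'NR==1 {print tolower($1)}' "$sidecar" | tr -d '\r')"
  actual="$(sha1sum "$file" | awk '{print $1}')"
  [ "${#expected}" -eq 40 ] && [ "$expected" = "$actual" ]
}

# Download artifact + sidecar; keep the file only if the checksum matches.
fetch_artifact() {
  local path url out
  path="$(gav_to_path "$@")"
  url="$NEXUS_BASE/$path"
  out="$(basename "$path")"
  # --fail: an HTTP 401/404 error page must never be saved as the "artifact".
  # --netrc-optional: credentials come from ~/.netrc, not the command line.
  curl --fail --silent --show-error --location --netrc-optional \
       -o "$out" "$url" &&
  curl --fail --silent --show-error --location --netrc-optional \
       -o "$out.sha1" "$url.sha1" &&
  verify_sha1 "$out" "$out.sha1" || { rm -f "$out" "$out.sha1"; return 1; }
  printf '%s\n' "$out"   # verified file, ready for the scanner's upload step
}

# Usage: ./fetch.sh <groupId> <artifactId> <version> [packaging]
if [ "$#" -ge 3 ]; then
  fetch_artifact "$@"
fi
```

The verified file can then be passed to the Veracode upload call using the curl samples from the Help Center mentioned in the answer below.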

At this time Veracode doesn't have a dedicated, prebuilt Nexus plugin. However, if you have a Veracode login, you can download our API guide along with a Java library to help you get started from our Help Center. Depending on the language and how the artifacts are built, you should be able to leverage the API to upload the artifacts for scan and retrieve results, without requiring access to the source code.

We're interested in your use case; please feel free to reach out to me personally (tjarrett at veracode) if you'd like to discuss further.

Tim Jarrett
  • I should point out that you don't have to use the Java (or .NET) library--samples for using all the API calls via curl are provided in the Help Center, and others have contributed GitHub projects that wrap the APIs in various ways to make things easier. – Tim Jarrett Dec 31 '15 at 12:28