Jenkins veracode-scanner Plugin stores credentials unencrypted in its global configuration file org.jenkinsci.plugins.veracodescanner.VeracodeNotifier.xml
on the Jenkins controller. These credentials can be viewed by users with access to the Jenkins controller file system.