It is better to scan our Veracode Jenkins open source plugin in platform before we are releasing into Jenkins Marketplace.

The best option is adding Veracode scan into GitHub Jenkins build pipeline, but not sure it is feasible or not.

The other options is to adding script to do it by download binary from Jenkins Artifcatory, or scan it manually before releasing it.