These guidelines can help you lower your application risk in Veracode Software Composition Analysis.
- Download the latest version, or least-vulnerable version of the component.Note: The latest version of the component is not always the least vulnerable.
- Replace the vulnerable component with a different component with similar functionality.
- Use environmental controls to suppress application risk. If you are using the vulnerable portion of the component, try a workaround.
- Mitigate the functionality of the vulnerability or license in the component.
- Build your own secure component.