About Veracode SCA Remediation Guidance

Veracode Software Composition Analysis

These guidelines can help you lower your application risk in Veracode Software Composition Analysis.

  • Download the latest version, or least-vulnerable version of the component.
    Note: The latest version of the component is not always the least vulnerable.
  • Replace the vulnerable component with a different component with similar functionality.
  • Use environmental controls to suppress application risk. If you are using the vulnerable portion of the component, try a workaround.
  • Mitigate the functionality of the vulnerability or license in the component.
  • Build your own secure component.