Skip to main content

Veracode SCA remediation guidance

These guidelines can help you lower your application risk in Veracode Software Composition Analysis.

  • Download the latest version, or least-vulnerable version of the component.


    The latest version of the component is not always the least vulnerable.

  • Replace the vulnerable component with a different component with similar functionality.

  • Use environmental controls to suppress application risk. If you are using the vulnerable portion of the component, try a workaround.

  • Mitigate the functionality of the vulnerability or license in the component.

  • Build your own secure component.