Configuring the Gradle Plugin

Veracode Software Composition Analysis

You can configure specific parameters in the Veracode Software Composition Analysis agent-based scanning Gradle plugin.

You can add these configurations into the srcclr block in your build.gradle file.

Enables uploading all scanned repositories to the Veracode Platform as new projects. Required for running the plugin if you have not set the SRCCLR_API_TOKEN environment variable.
Default value: null
Example: apiToken = "xdfsdfinerknwekrn13Ddfsa"
If set to true, scan results persist in the Veracode Platform in the workspace associated with your apiToken.
Default value: true
Example: shouldUpload = false
Defines the scope on which components should match. Possible values include compile, runtime, and test. Veracode recommends you use runtime if you specify libraries using the api or implementation keywords.
Default value: compile
Example: scope = "compile"