Skip to main content

Install the Veracode SCA Agent with PowerShell

If you are running a scan in a Windows environment and do not want to use Chocolatey to install the agent, you can use PowerShell.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.

  2. Click the Agent-Based Scan tab.

  3. Select a workspace.

  4. Click Agents > Actions > Create > Windows.

  5. Click the PowerShell tab.

  6. Click Create Agent & Generate Token.

  7. Set the $Env:SRCCLR_API_TOKEN environment variable to the authentication token you just generated.

  8. If your Veracode account is in the Commercial Region, skip this step. If your Veracode account is in the European or United States Federal Region, set the $Env:SRCCLR_REGION environment variable to one of the following:

    • European Region: ER
    • United States Federal Region: FED

  9. In your PowerShell terminal, set execution policy to AllSigned. You may need to run this command to set the execution policy because PowerShell does not permit scripts to run by default:

    Set-ExecutionPolicy AllSigned -Scope Process -Force

  10. Run this command to download the script:

    $ProgressPreference = "silentlyContinue"; iex ((New-Object System.Net.WebClient).DownloadString('https://download.sourceclear.com/ci.ps1'))

  11. Scan repositories with one of these commands.

    • To start scanning public repositories:

      srcclr scan --url https://github.com/srcclr/example-ruby

    • To clone and scan local repositories:

      srcclr scan FILE_PATH