You can link the projects you create for Veracode Software Composition Analysis agent-based scans to your Veracode Platform application profiles to enable a unified view of your results for all Veracode scans and include agent-based scan results in your application policy evaluations.
Linking a project to an application sends the inventory of that project to the application profile, allowing the application profile to reflect all libraries and vulnerabilities found through agent-based scans.
You can link multiple projects to an application. If you want to link one project to multiple applications, you need to scan that project under multiple workspaces, then link each instance of that project to a different application.
To include agent-based results in the policy evaluation for your application, you must perform at least one upload scan of the application before linking an agent-based scanning project to the application.
To extract findings from linked projects using an API, Veracode recommends you use the Findings REST API.
To link a project to an application: