Manage SCA workspaces

Use workspaces to separate and manage project scan data for SCA Agent-based Scan. Each workspace can include multiple SCA agents that perform scans on your code projects and display the results in the workspace to which they belong. You can store scan data in different workspaces and control user access to that data based on the workspaces to which a user belongs.

In the Veracode Platform, on the Workspace Portfolio page, you can search for a library, vulnerability, or license and drill down into the workspaces and projects that include the items in your search. If you select a workspace name, you see the issues associated with the workspace, including details such as the median resolution time and a breakdown of the issues by severity.

You can create workspaces and use them to collaborate with team members. You can also use the automatically created My Workspace to perform quick scans and review scan data on your own.

You can extract information about your workspaces using the SCA REST API.

About My Workspace

All users have access to a personal workspace for local scanning called My Workspace, but we don't recommend using it for anything but temporary experimentation. The Veracode Scan IDE plugins and extensions only use My Workspace.

Important

The Veracode Scan IDE plugins and extensions temporarily create projects in My Workspace, but since My Workspace can only store up to three projects, scans in your IDE will fail if you have already reached this limit. Therefore, we recommend deleting all projects from My Workspace before using these plugins.

Your user account does not require specific roles or team membership to create projects or start scans in My Workspace. The workspace automatically appears in your workspace list. With My Workspace, you can create agents, add custom rules, and manage and review scan data for projects just as you do with other workspaces.

To simplify the My Workspace experience, we implement several restrictions. You cannot:

If you need access to more than three projects, reach out to the administrator of your Veracode account to request access to other workspaces.

Create a workspace

Workspaces help you organize your project data for scanning. Use workspaces to organize scan results by application or business unit. Workspaces are similar to teams. Scan results are available at the project level, and projects are available at the workspace level. You can also customize your workspace to suit your needs.

My Workspace, which is available for all users, provides limited functionality for experimenting with agent-based scans.

You can also create workspaces with the SCA REST API.

Before you begin:

You have the Security Lead or Creator role.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select Actions > Create Workspace.
  4. Enter a name for the workspace.
  5. If you want to add teams to the workspace, select More Options and select one or more teams.
  6. Select Create.

Next steps:

Set up an SCA agent.

Delete a workspace

Deleting workspaces permanently deletes the agents and any data associated with that workspace.

You can also perform this task with the SCA REST API.

Before you begin:

You must have the Security Lead, Creator, or Workspace Administrator role to delete workspaces.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select a workspace.
  4. Select Settings from the Manage Workspace dropdown.
  5. Select Delete Workspace.
  6. Select Yes, Delete to permanently delete the workspace.

Locate the workspace slug

You use the workspace slug to apply an SCA agent to a workspace using a scan directive or environment variable.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select the desired workspace from the workspace list.
  4. Copy the eight-character value shown in the URL.

You can also obtain a workspace slug by sending a request to the getWorkspaces API and retrieving the value from the site_id field in the payload.
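The API route described above, as an added example that is not Veracode's own code: it reads a getWorkspaces payload, returns the site_id for one workspace name, and refuses to guess when the name is ambiguous or the value is not eight characters long. The _embedded.workspaces layout, the name key, and the sample payload are assumptions made for illustration; only the site_id field and the eight-character length come from this page.

```python
import json

SLUG_LENGTH = 8  # this page describes the slug as an eight-character value


class SlugLookupError(Exception):
    """Raised when a workspace slug cannot be resolved unambiguously."""


def find_workspace_slug(payload: str, workspace_name: str) -> str:
    """Return the site_id of the single workspace named workspace_name."""
    data = json.loads(payload)
    # Assumption: workspaces are listed under _embedded.workspaces, each with a name.
    workspaces = data.get("_embedded", {}).get("workspaces", [])
    matches = [w for w in workspaces if w.get("name") == workspace_name]
    if not matches:
        raise SlugLookupError(f"no workspace named {workspace_name!r}")
    if len(matches) > 1:
        # Refuse to guess: scan data sent to the wrong workspace becomes
        # visible to the users who belong to that workspace.
        raise SlugLookupError(f"{len(matches)} workspaces named {workspace_name!r}")
    slug = matches[0].get("site_id")
    if not isinstance(slug, str) or len(slug) != SLUG_LENGTH:
        raise SlugLookupError(f"unexpected site_id for {workspace_name!r}: {slug!r}")
    return slug


# Constructed sample payload (not real data).
SAMPLE_PAYLOAD = json.dumps({
    "_embedded": {"workspaces": [
        {"name": "payments", "site_id": "Ab3dEf9h"},
        {"name": "legacy", "site_id": "Zz11Yy22"},
        {"name": "legacy", "site_id": "Qq33Ww44"},
        {"name": "broken", "site_id": "short"},
    ]}
})

if __name__ == "__main__":
    print(find_workspace_slug(SAMPLE_PAYLOAD, "payments"))
```

In a pipeline, failing the job on SlugLookupError keeps the agent from scanning into an unintended workspace.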

Assign security policies to workspaces

If you want projects to be evaluated against a security policy other than the default policy, you can assign policies at the workspace level.

Before you begin:

You must have the Security Lead, Workspace Administrator, or Workspace Editor role.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select a workspace.
  4. Select Policy Assignment.
  5. Select a policy. The available options include the built-in policy and any custom policies that contain rules applicable to agent-based scans.
  6. Select Save.

Use the latest CVSS version in SCA policy rules

Important

If your organization has activated the Unified Policy feature, which replaces agent rules, all agent-based scans use Common Vulnerability Scoring System (CVSS) version 3 to evaluate your vulnerabilities.

You can use CVSS version 3 in your policy rules to evaluate your vulnerabilities against the latest version of the standard.

Before you begin:

You must have the Security Lead, Workspace Administrator, or Workspace Editor role to edit the CVSS version for a workspace rule. You must have the Security Lead role to edit the CVSS version for an organization rule.

To complete this task:

  1. In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
  2. Select Agent-Based Scan.
  3. Select a workspace.
  4. Select Custom Rules.
  5. Select Edit.
  6. Choose a rule control you want to modify or select Add control to create a new control.
  7. For Level, choose whether violations of this control result in an error or a warning. Errors cause a build failure. Warnings are written to the logs of your continuous integration system, but they do not cause a build failure.
  8. Expand the control row to display all condition options.
  9. From the Severity dropdown menu, select the CVSS score you want to use for this control.
  10. If you want to generate issues based on the CVSS severity, select Create Issue.
  11. Select Save.