Manage tags and branches
Veracode SCA Agent-based Scan is designed to be used with Git-based systems. Within these systems, there are commits, branches, and tags. This section describes how these three items affect issues and how you can manage them.
How SCA agents identify branches and tags
SCA Agent-based Scan chooses a tag, branch, or commit hash when importing results to the Veracode Platform. It uses the git describe --all command to determine the state of the scanned repository.
The order of selection is:
- Tag
- Branch
- Previous tag
- Previous branch
- Commit hash
If you scan a tag on a branch, Veracode SCA considers it a tag.
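An added example, not Veracode's code: a shell helper that maps `git describe --all` output onto the selection order above, so you can check before a scan (for example, in a CI job with a detached HEAD) which tag or branch the results are likely to be filed under. How the agent parses this output is not stated here; the mapping, the function names, and the sample refs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `git describe --all` output against the page's
# selection order. The mapping is an assumption, not Veracode's own logic.

# classify_describe <describe-output>  ->  prints "<kind> <name>"
classify_describe() {
    ref=$1
    # A "-<N>-g<hash>" suffix means HEAD is N commits past the named ref,
    # read here as the page's "previous" tag or branch. Heuristic: a ref
    # whose own name ends in that pattern would be misread.
    base=$(printf '%s\n' "$ref" | sed -E 's/-[0-9]+-g[0-9a-f]+$//')
    prefix=""
    if [ "$base" != "$ref" ]; then
        prefix="previous-"
    fi
    case $base in
        tags/*)    echo "${prefix}tag ${base#tags/}" ;;
        heads/*)   echo "${prefix}branch ${base#heads/}" ;;
        # Typical for detached-HEAD CI checkouts with no local branch.
        remotes/*) echo "${prefix}remote-branch ${base#remotes/}" ;;
        *)         echo "unknown $ref" ;;
    esac
}

# describe_checkout [repo-dir]: classify the checkout that would be scanned.
# `git describe --all` fails when no ref is reachable, so fall back to the
# commit hash, the last item in the selection order.
describe_checkout() {
    dir=${1:-.}
    if out=$(git -C "$dir" describe --all 2>/dev/null); then
        classify_describe "$out"
    else
        echo "commit $(git -C "$dir" rev-parse HEAD)"
    fi
}

# Constructed sample outputs (not captured from a real repository).
for sample in tags/v2.1.0 heads/main tags/v2.1.0-4-g3f9c2ab \
              heads/release-1.x-2-g0a1b2c3 remotes/origin/main; do
    printf '%-30s -> %s\n' "$sample" "$(classify_describe "$sample")"
done
```

Run `describe_checkout` in the checked-out repository before `srcclr scan .` and compare the result with the branch you expect to see in the Switch Branch or Tag window.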
How branches and tags affect issues
Veracode SCA has a unique list of issues for each branch or tag scanned, which means that if you have scanned multiple branches, you might see the same issue multiple times in the issues list. This feature allows you to see the state of a specific branch or tag rather than having only one set of results for everything.
View a specific branch or tag
When viewing a project in the Veracode Platform, you can choose to see issues from a single branch or tag. To do this, select Change next to the selected branch. In the Switch Branch or Tag window, you can see which branches you have scanned.
Default branches
The default branch for your projects determines which data to display in the results. It also specifies the branch in which to automatically create issues for newly released vulnerabilities.
The results only display issues, vulnerabilities, libraries, and licenses from the default branch. All list views only show the items from the default branch and all the counts across your organization only include findings from the default branch, unless you view a different branch.
When Veracode releases or updates a vulnerability that impacts any of your projects, it automatically creates a new issue or updates an existing issue in the default branch.
Change the default branch
You can set a specific branch as the default branch for your project or use the most recently scanned branch or tag.
For new projects, the default branch for agent-based scans is set to Use Last Scanned, so that it always updates to the most recently scanned branch or tag. You can change the default to a specific branch, such as the main branch, in your project settings.
Before you begin:
You must have the Security Lead, Workspace Administrator, or Workspace Editor role.
To complete this task:
- In the Veracode Platform, go to Scans & Analysis > Software Composition Analysis > Agent-Based Scan.
- Select a workspace.
- Select Projects from the left menu, then select a project from the Project List table.
- Select Settings.
- Select a branch from the dropdown menu.
- Select Save.
Change the branch name
To rename a branch, run:
git clone <url>
cd <repository_directory>
git checkout <branch_name>
srcclr scan .