Skip to main content

Configuring the Maven plugin

You can configure specific parameters in the Veracode Software Composition Analysis (SCA) agent-based scanning Maven plugin.

If you do not specify a name, Veracode assigns a name to display with your project from your repository and file system information based on the .git information.


Identifies you to the Veracode Platform. Required for running the plugin if you have not set the SRCCLR_API_TOKEN environment variable.

Default value: null

Example: <apiToken>xxsdf234Sasdvcve</apiToken>


Indicates whether the plugin should upload your data to the Veracode Platform. If set to false, the plugin only displays results on the console.

Default value: true

Example: <upload>false</upload>


By default, the Maven plugin only specifies vulnerable components to you on the command line. If set to true, the plugin displays all of the components it finds.

Default value: false

Example: <verbose>true</verbose>