You can configure specific parameters in the Veracode Software Composition Analysis agent-based scanning Maven plugin.
If you do not specify a name, Veracode assigns a name to display with your project from your repository and file system information based on the .git information.
- apiToken
- Identifies you to the Veracode Platform. Required for running the plugin if you have not set the SRCCLR_API_TOKEN environment variable.
- upload
- Indicates whether the plugin should upload your data to the Veracode Platform. If set to false, the plugin only displays results on the console.
- verbose
- By default, the Maven plugin only specifies vulnerable components to you on the command line. If set to true, the plugin displays all of the components it finds.