SCA agent-based scanning

Audience: AppSec manager, Developer, Security leader

Prerequisites

• You have a user account and an application profile.

Learning objectives

Upon completion of this module, you'll be able to:

• Set up and scan a demo application.
• Run agent-based scans in a pipeline or from your desktop.
• Review, prioritize, and remediate security findings.

Get started with a demo application
20 min

Learn how to run a simple SCA agent-based scan of a demo repository in your CLI.

1. Confirm your environment meets the SCA requirements
   ~2 min
2. Follow the SCA agent-based scan quickstart
   ~20 min

Scan your repository
~20 min

Get started running agent-based scans of your projects.

1. Create an SCA workspace
   ~3 min
2. If scanning in a pipeline, set up your integration
   ~10 min
3. If scanning from your desktop, set up your agent to run scans in the CLI
   ~5 min

Link and manage findings
~15 min

Review your results. Results are available in the Veracode Platform and in your CLI or pipeline.

1. Link your project to an application to view findings from all scan types
   ~5 min
2. Review, prioritize, and address security findings
   ~10 min