Troubleshooting automatic pull requests for SCA
If the Veracode Software Composition Analysis (SCA) agent is not able to generate an automatic pull request, it displays this message: No pull request was generated.
If you see this message when you expect the agent to generate a pull request, such as when the project uses vulnerable dependencies, verify that your project uses the supported build files.
If your project uses yarn.lock files, which Veracode SCA does not support, Veracode recommends one or both of these troubleshooting steps:
- Remove yarn.lock while retaining package.json, and run the srcclr scan command again with the --allow-dirty option.
- Run the srcclr scan --scan-collectors 'npm' command to perform an npm install and generate a pull request.
After merging the pull request, run the yarn install command to update the yarn.lock based on the changes in package.json.