If the Veracode Software Composition Analysis (SCA) agent is not able to generate an automatic pull request, it displays this message:
No pull request was generated.
If you see this message when you expect the agent to generate a pull request, such as when the project uses vulnerable dependencies, verify that your project uses the supported build files.
If your project uses
yarn.lock files, which Veracode SCA does not support, Veracode recommends one or both of these troubleshooting steps:
package.json, and run the
srcclr scancommand again with the
- Run the
srcclr scan --scan-collectors 'npm'command to perform an
npm installand generate a pull request.
After merging the pull request, run the
yarn install command to update the
yarn.lock based on the changes in