Troubleshooting Software Composition Analysis
This section helps you remedy common problems and understand how better to use Software Composition Analysis (SCA).
Issue
I need to open a support case with Veracode Technical Support.
Solution
Provide this information to Veracode Technical Support:
The package manager and version you are using.
The agent CLI, CI, and plugins you use for scanning, and their versions.
The environment variables, flags, and directives you use for scanning.
Your debug logs, which you can get with any of these commands:
- In your terminal:
srcclr scan --debug
- In a CI:
curl -sSL https://download.sourceclear.com/ci.sh | DEBUG=1 bash
- In a CI:
export DEBUG=1 curl -sSL https://download.sourceclear.com/ci.sh | bash
- In your terminal:
The project you are scanning with the correct directory structure.
The command you use to start the scan and answers to these questions:
- Was your scan only a SRCCLR scan or did you use other environment variables?
- Did you use a CI script to perform the scan?