Skip to main content

Troubleshooting Software Composition Analysis

This section helps you remedy common problems and understand how better to use Software Composition Analysis (SCA).


I need to open a support case with Veracode Technical Support.


Provide this information to Veracode Technical Support:

  • The package manager and version you are using.

  • The agent CLI, CI, and plugins you use for scanning, and their versions.

  • The environment variables, flags, and directives you use for scanning.

  • Your debug logs, which you can get with any of these commands:

    • In your terminal: srcclr scan --debug
    • In a CI: curl -sSL | DEBUG=1 bash
    • In a CI: export DEBUG=1 curl -sSL | bash
  • The project you are scanning with the correct directory structure.

  • The command you use to start the scan and answers to these questions:

    • Was your scan only a SRCCLR scan or did you use other environment variables?
    • Did you use a CI script to perform the scan?