Using Veracode SCA with programming languages
Veracode Software Composition Analysis features are available for several programming languages, each of which has specific requirements for performing scans.
For the detailed list of supported tools and languages, see the SCA agent-based scan language support matrix and the SCA upload and scan language support matrix.
Java
To assess the security risk of open-source components in your Java code early and frequently during development, perform agent-based scans on the command line or as an automated step in your pipeline. Plugins are available to automate scanning of Gradle or Maven repositories for Java applications. Sample Java repositories are available on GitHub to demonstrate how to run agent-based scans.
To analyze the open-source risk of your compiled Java application as part of a Veracode Static Analysis, upload your application binaries to Veracode. Your application must meet the Java packaging requirements. See Requesting a Veracode SCA upload scan and Reviewing Your Application Portfolio with Veracode SCA.