The Veracode Software Composition Analysis (SCA) agent can read from these environment variables instead of variables set in the
Provides an alternate means of supplying the
agentAuthorization token required to use the agent-based scanning API. If present, this variable supersedes the configuration file.
Specifies the Veracode Platform backend URL that the SCA agent uses to communicate with the API of your source code management system. Overrides
SRCCLR_REGION. Valid values are:
https://api.sourceclear.io- United States Region. The default.
https://platform-backend.analysiscenter.veracode.eu- European Region
https://platform-backend.analysiscenter.veracode.us- United States Federal Region
Region-specific server where Veracode stores your results. Valid values are:
COM- Commercial Region. The default.
ER- European Region.
FED- United States Federal Region.
When set to
TRUE, the SCA agent can use an expanded set of ciphers to connect to the Veracode Platform. When set to
FALSE,the agent can only use FIPS-compliant ciphers. Valid values are:
TRUE- The default value for the Commercial and European Regions.
FALSE- The default and only valid value for the United States Federal Region.
Permits altering the behavior, or system properties, of the underlying Java runtime system that is used by the
Specifies which Python interpreter version virtualenv uses when creating a virtual Python environment. The default value is the interpreter version used to install virtualenv on your machine.
Provides an explicit means of specifying the agent-based scanning configuration file location. If this variable is populated, the program will use that path in addition to the system and user locations, but is still subject to override by the
--config command line flag. If it is populated but points to an invalid path, the program halts in error.
Specifies the scope for scans of NPM and Yarn projects. Valid values are:
prod- Restricts scans to production dependencies, including the optional dependencies you can install. The default value.
dev- Restricts scans to development dependencies.
all- Scans production and development dependencies.
For scope options, see Multi-Language Scan Directives.
If you set either of these values and they contain a URL that points to a proxy which speaks the HTTP proxy protocol, the agent uses them for outbound HTTP requests, just as curl and git behave. Also like the other programs, the agent accepts inline credentials in the URL, such as
http://myUser:[email protected]. If the URL does not contain an explicit port, the traditional ports for the protocol of the URL are implicitly inserted:
https://. Unlike those other programs, the agent accepts either environment variable name (
http_proxy) and uses that proxy information for all HTTP requests. Be aware that proxy values in any configuration file provided to the agent, the default location or values provided by
–config supersede any proxy specification in these environment variables.
You can also use scan directives as environment variables in your CI configuration by adding
SRCCLR_ before the directive name and changing the directive name to be all uppercase. For example: