Skip to main content

Veracode SCA Scan for VS Code Prerequisites

Before you can install and use Veracode SCA Scan for VS Code, you must have:

  • A human user account with the Security Lead, Workspace Administrator, Workspace Editor, or Submitter role.

  • Configured a Veracode API credentials file with valid API credentials. The extension uses these credentials to authenticate with Veracode, not the SCA agent token.

  • Obtained a Veracode SCA subscription.

  • Created a Veracode SCA workspace. If you use My Workspace, it must have an available project slot.

  • Installed and activated a single SCA workspace agent on your local system. If you have more than one agent installed, you must delete all but one.

    • To install a workspace agent, Veracode recommends you create and install the Veracode SCA CLI agent for your operating system.
    • You obtain and activate an activation token when you create an agent in the Veracode Platform. To obtain the token for an existing agent in the Veracode Platform, select Scans & Analysis > Software Composition Analysis > Agent-Based Scan > {workspace} > Agents > {agent name}. If you do not see a token for the selected agent, you can generate a new one.
    • The SCA agent requires that your project is either in a Git-based repository or you have configured a source code management (SCM) environment variable, such as SRCCLR_NO_GIT=1.
  • Installed a supported version of VS Code.

  • Installed a supported package manager.