Skip to main content

Viewing agent-based scan results

After a Veracode Software Composition Analysis (SCA) agent-based scan completes, the bottom of the output in your terminal includes a URL for the Veracode Platform where you can view the scan results in more detail. For example:

Licenses
    Unique Library Licenses              3
    Libraries Using GPL                  0
    Libraries With No License            1
    
    Full Report Details                  https://sca.analysiscenter.veracode.com/teams/abzs0qx/scans/22679557

Veracode displays the scan results in these categories:

  • Issues: includes out-of-date libraries, license violations, and vulnerabilities associated with a specific version of a library within a repository.

  • Vulnerabilities: represents the set of unique vulnerabilities across a project. If multiple libraries in a given project are associated with the same vulnerability, the vulnerability only appears once in this list.

  • Libraries: includes each open source library Veracode SCA has identified within a code project.

  • Licenses: displays the software license information associated with each open-source library in use.

After viewing the scan results, you can fix the vulnerabilities using the instructions in the Veracode Platform and validate the fixes.