Skip to main content

Viewing agent-based scan results

After a Veracode Software Composition Analysis (SCA) agent-based scan completes, the bottom of the output in your terminal includes a URL for the Veracode Platform where you can view the scan results in more detail. For example:

Unique Library Licenses 3
Libraries Using GPL 0
Libraries With No License 1

Full Report Details

Veracode displays the scan results in these categories:

  • Issues: includes out-of-date libraries, license violations, and vulnerabilities associated with a specific version of a library within a repository.

  • Vulnerabilities: represents the set of unique vulnerabilities across a project. If multiple libraries in a given project are associated with the same vulnerability, the vulnerability only appears once in this list.

  • Libraries: includes each open source library Veracode SCA has identified within a code project.

  • Licenses: displays the software license information associated with each open-source library in use.

After viewing the scan results, you can fix the vulnerabilities using the instructions in the Veracode Platform and validate the fixes.