After a Veracode Software Composition Analysis (SCA) agent-based scan completes, the bottom of the output in your terminal includes a URL for the Veracode Platform where you can view the scan results in more detail. For example:
Unique Library Licenses 3
Libraries Using GPL 0
Libraries With No License 1
Full Report Details https://sca.analysiscenter.veracode.com/teams/abzs0qx/scans/22679557
Veracode displays the scan results in these categories:
Issues: includes out-of-date libraries, license violations, and vulnerabilities associated with a specific version of a library within a repository.
Vulnerabilities: represents the set of unique vulnerabilities across a project. If multiple libraries in a given project are associated with the same vulnerability, the vulnerability only appears once in this list.
Libraries: includes each open source library Veracode SCA has identified within a code project.
Licenses: displays the software license information associated with each open-source library in use.
After viewing the scan results, you can fix the vulnerabilities using the instructions in the Veracode Platform and validate the fixes.