Automating analysis with integrations

If you are using the Veracode integrations to automate Static Analysis or Software Composition Analysis scans of your applications, you must follow certain guidelines to ensure that your automations run successfully.

Any first-party modules you upload for Static Analysis or third-party components you select for Veracode SCA upload scanning must not have fatal or blocking errors. These errors prevent the analysis from starting and cause your automation to fail. Before you run your automation, run a prescan verification to identify and resolve any errors in your modules and files.

For CI/CD systems, each scan in the same automation must upload the same top-level modules. If the top-level modules change between scans, all scans in the automation pause automatically. Before you can restart the automation, you must review the changed or added modules to ensure that all uploads include the same top-level modules.