Getting started with Veracode SCA

Veracode SCA supports two methods of scanning that you can run at different points in the development lifecycle: scans of uploaded applications and agent-based scans.

Upload and scan method

The upload and scan method scans your application after you compile and upload the application binaries to the Veracode Platform. You can upload the binaries through the Veracode Platform user interface or by using the Veracode XML APIs. With this method, you can perform an SCA scan at the same time as a Veracode Static Analysis scan, or separately if you do not have a Veracode Static Analysis subscription.

For more information about the functionality available for Veracode SCA upload scans, see the upload scan documentation.

Agent-based scan method

The agent-based scan method scans your code early and frequently in your software development lifecycle (SDLC). This method allows you to quickly scan repositories or locally cloned projects from the command line. You can also integrate agent-based scanning into your continuous integration (CI) pipelines. C/C++ scanning, Docker container scanning, and some additional insights, such as vulnerable methods and dependency graphs, are only available through agent-based scanning.

You can extract information about your agent-based scanning workspaces using the SCA REST API.

For more information about the functionality available for Veracode SCA agent-based scanning, see the agent-based scan documentation.