Veracode SCA agent management
The Veracode Software Composition Analysis (SCA) agent, also referred to as the scanner, is the program that builds and scans your code to find third-party libraries and the vulnerabilities contained in those libraries.
Workspace agents let you scan projects and put their results in a specific workspace. When you create a new workspace, you can set up at least one agent for that workspace to scan projects into that workspace.
For organizations that want to minimize setup for new workspaces, Veracode offers agents at the organization level. One organization agent can scan into any workspace. You simply identify which workspace at scan time using a flag, called a workplace slug, or an environment variable.
Workspace agent permissions
If you have the Security Lead role, you can manage any workspace agent.
If you have the Workspace Administrator, Workspace Editor, or Submitter role, you can manage agents for a specific workspace.
Organization-level agent permissions
If you have the Security Lead role, you can create, view, update, and delete organization-level agents.
Specifying the workspace for an organization-level agent via scan directive
When scanning with an organization-level agent, append the workspace flag and slug after the scan command:
srcclr scan --ws=<workspace slug>
To find the workspace slug:
- In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
- Select the Agent-Based Scan tab.
- Select the desired workspace from the workspace list.
- Copy the eight-character value shown in the URL.
The workspace slug can also be found by calling the getWorkspaces API and retrieving the value from the site_id field in the payload.
Specifying the workspace for an organization-level agent via environment variable
For organization-level agents, follow the workspace agent instructions, but also add the environment variable SRCCLR_WORKSPACE_SLUG to the appropriate configuration file. The value of this variable is the same as above.