The Veracode Software Composition Analysis (SCA) agent, also referred to as the scanner, is the program that builds and scans your code to find third-party libraries and the vulnerabilities contained in those libraries.
Workspace agents let you scan projects and put their results in a specific workspace. When you create a new workspace, you can set up at least one agent for that workspace to scan projects into that workspace.
For organizations that want to minimize setup for new workspaces, Veracode offers agents at the organization level. One organization agent can scan into any workspace. You simply identify which workspace at scan time using a flag, called a workplace slug, or an environment variable.
Workspace agent permissions
If you have the Security Lead role, you can manage any workspace agent.
If you have the Workspace Administrator, Workspace Editor, or Submitter role, you can manage agents for a specific workspace.
Organization-level agent permissions
If you have the Security Lead role, you can create, view, update, and delete organization-level agents.
Scanning with an organization-level agent for desktop operating systems
When scanning with an organization-level agent, append the workspace flag and slug after the scan command:
srcclr scan --ws=<workspace slug>
To find the workspace slug, select the desired workspace from the menu and copy the slug from the field below.
The workspace slug can also be found in the URL of the workspace when you are on any workspace page.
Scanning with an organization-level agent for desktop operating systems using CI
For organization-level agents, follow the workspace agent instructions, but also add the environment variable
SRCCLR_WORKSPACE_SLUG to the appropriate configuration file. The value of this variable is the same as above.