Skip to main content

About scan directives for agent-based scanning

Veracode Software Composition Analysis (SCA) agents support scans that include per-scan directives, known as scan directives. To specify these scan directives on a per-project basis, include a srcclr.yml file at the root of the scan.


When you include a comma-separated list in a directive, enclose the string in quotation marks.

You can also use each scan directive as an environment variable in your CI configuration by adding SRCCLR_ before the directive name and changing the directive name to be all uppercase. For example: