Veracode Software Composition Analysis (SCA) agents support scans that include per-scan directives, known as scan directives. To specify these scan directives on a per-project basis, include a
srcclr.yml file at the root of the scan.
When you include a comma-separated list in a directive, enclose the string in quotation marks.
You can also use each scan directive as an environment variable in your CI configuration by adding
SRCCLR_ before the directive name and changing the directive name to be all uppercase. For example: