Enable Pull Requests for GitHub

Veracode Software Composition Analysis

To use automatic pull requests for Veracode Software Composition Analysis agent-based scanning, you need permission to create pull requests in GitHub.

To get permission to create pull requests:

  1. Go to https://github.com/settings/tokens.
  2. If prompted, enter your GitHub credentials and log in.
  3. On the New personal access token page, click Generate new token.
  4. Enter a token description. For example: Allow Veracode Agent-Based Scan to generate pull requests
  5. Select the repo checkbox.
  6. Click Generate token.
  7. After the token is generated, click the clipboard icon to copy the token, then save it in a safe location.
    Note: After you leave the page, you cannot access this token again.
  8. Add your token using one of these methods:
    • Add this code to the agent.yml file installed in your ~/.srcclr folder:
      scmType: GITHUB
      scmToken: <token copied in earlier step>
    • Set the token as an environment variable in a command script. For example, add this code in Linux bash:
      export SRCCLR_SCM_TYPE="GITHUB"
      export SRCCLR_SCM_TOKEN="<token copied in earlier step>"
  9. If you are using an installation of GitHub other than GitHub.com, add your project URL using one of these methods:
    • Add the project URL to the agent.yml file installed in your ~/.srcclr folder. For example:
      scmUrl: https://github.acme.io
    • Set the project URL as an environment variable in a command script. For example, add this code in Linux bash:
      export SRCCLR_SCM_URL="https://github.acme.io"
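
The agent.yml method from steps 8 and 9, as an added example that is not Veracode's own tooling: a shell function that writes scmType, scmToken and, optionally, scmUrl into agent.yml while keeping the file readable only by its owner. The function names are hypothetical, and the script assumes these keys sit at the top level of agent.yml, one per line.

```sh
#!/bin/sh
# Added example, not part of the Veracode agent.
# Assumption: scmType/scmToken/scmUrl are top-level keys, one per line.

# write_scm_config DIR [URL]
# Reads the token from standard input so it never appears in shell
# history or in the process list. DIR is normally "$HOME/.srcclr".
write_scm_config() (
    dir=$1
    url=${2:-}
    IFS= read -r token || true
    [ -n "$token" ] || { echo "empty token" >&2; exit 1; }

    umask 077                          # anything created here is owner-only
    mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    file=$dir/agent.yml
    tmp=$file.tmp.$$

    # Keep every existing setting except the three SCM keys being replaced.
    if [ -f "$file" ]; then
        grep -v -E '^(scmType|scmToken|scmUrl):' "$file" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf 'scmType: GITHUB\nscmToken: %s\n' "$token" >> "$tmp"
    [ -z "$url" ] || printf 'scmUrl: %s\n' "$url" >> "$tmp"

    # Tighten the mode before the file takes its final name, then swap it in.
    chmod 600 "$tmp" && mv "$tmp" "$file"
)

# config_mode FILE
# Prints the permission string of FILE so a script can check it.
config_mode() {
    ls -l "$1" | cut -c1-10
}
```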