To use automatic pull requests for Veracode Software Composition Analysis agent-based scanning, you need permission to create pull requests in GitHub.
To get permission to create pull requests:
- Go to https://github.com/settings/tokens.
- If prompted, enter your GitHub credentials and log in.
- On the New personal access token page, click Generate new token.
- Enter a token description. For example: Allow Veracode Agent-Based Scan to generate pull requests
- Select the repo checkbox.
- Click Generate token.
-
After the token generates, click the clipboard icon
to copy the token and save it to a safe location.
Note: After you leave the page, you cannot access this token again. -
Add your token using one of these methods:
- Add this code to the agent.yml
file installed in your
~/.srcclr
folder:
scmType: GITHUB scmToken: <token copied in earlier step>
- Set the token as an environment variable in a command script. For
example, add this code in Linux
bash:
export SRCCLR_SCM_TYPE="GITHUB" export SRCCLR_SCM_TOKEN="<token copied in earlier step>"
- Add this code to the agent.yml
file installed in your
~/.srcclr
folder:
-
If you are using an installation of GitHub other than
GitHub.com, add your project URL using one of these
methods:
- Add the project URL to the agent.yml
file installed in your
~/.srcclr folder. For
example:
scmUrl: https://github.acme.io
- Set the project URL as an environment variable in a command script. For
example, add this code in Linux
bash:
export SRCCLR_SCM_URL="https://github.acme.io"
- Add the project URL to the agent.yml
file installed in your
~/.srcclr folder. For
example: