Configure Your Codeship Repository

Veracode Software Composition Analysis

To scan using Veracode Software Composition Analysis agent-based scanning:
  1. Go to the project you want to scan.
  2. Select Project Settings > Testing.
  3. In the test pipelines commands, enter the following code after your build commands:
    curl -sSL https://download.sourceclear.com/ci.sh | sh
  4. Commit these changes to trigger a build for your repository.
Veracode SCA performs a scan and displays results to your agent-based scanning environment.

If you want to add Veracode SCA agent-based scanning to other repositories, add the installation and scan code above to any test pipelines you want. After you add the SRCCLR_API_TOKEN environment variable, you can perform scans on each new build.