Configure the update advisor for Veracode SCA

The update advisor provides a safe version to which Veracode recommends you update your libraries with agent-based scanning. If you configure it in your build automation script, it also indicates if the update might break a build.

The update advisor determines the potential of breaking a build only for Java, .NET, Python, and Ruby libraries.

To complete this task:

Add the --update-advisor argument to your build script. For example:
```
EXTRA_ARGS='--update-advisor'
```
Add the argument to the scan command.
- If you scan with a CI tool, add the argument to the build script for your Veracode SCA agent-based scanning project. For example:
```
curl -sSL https://sca-downloads.veracode.com/ci.sh | bash -s – scan $EXTRA_ARGS
```
- If you scan on your local machine with the Veracode SCA agent, add the argument in your agent.yml file. For example:
```
srcclr scan <example_path>/example-java-maven --EXTRA_ARGS 
```

Next steps:

After you perform a scan with the update advisor enabled, your results include a Breaking Update column in the Update Advisor section.

Did you find this helpful?