Configure the Update Advisor

Veracode Software Composition Analysis

For agent-based scanning, the update advisor recommends a safe version to which you can update each of your libraries. If you enable it in your build automation script, it also indicates whether the recommended update might break your build.

Note: The update advisor determines the potential of breaking a build only for Java, .NET, Python, and Ruby libraries.

To configure the update advisor to identify the potential build-breaking updates:

  1. Add the --update-advisor argument to your build script. For example:
    EXTRA_ARGS='--update-advisor'
  2. Add the argument to the scan command. For example:
    • If you scan with a CI tool, add the argument to the build script for your Veracode SCA agent-based scanning project. For example:
      curl -sSL https://download.sourceclear.com/ci.sh | bash -s -- scan $EXTRA_ARGS
    • If you scan on your local machine with the Veracode SCA agent, add the argument in your agent.yml file. For example:
      srcclr scan <example_path>/example-java-maven --update-advisor

After you perform a scan with the update advisor enabled, your results include a Breaking Update column in the Update Advisor section.

[Image: Update Advisor section of the scan results]