The updates on this page apply to Veracode Software Composition Analysis (SCA) in the Commercial Region.
March 16, 2023
New Mitigation Type Available for SCA Upload Scans
You can now choose to accept the risk of specific vulnerabilities and licenses as part of your mitigation process for Veracode SCA upload scans. This mitigation type is already available for Veracode Static Analysis and Dynamic Analysis.
February 3, 2023
Region Flag for Agent-Based Scans
Veracode SCA agent-based scans now provide a region flag that you can use to configure accounts in the European Region and United States Federal Region.
February 2, 2023
JRE Upgrade for SCA Agent
Veracode has upgraded the Java Runtime Environment (JRE) that is bundled with the Software Composition Analysis (SCA) agent.
January 13, 2023
Improved SCA Support for Python 3
Veracode Software Composition Analysis (SCA) agent-based scans now more effectively locate local Python 3 installations.
December 14, 2022
SCA Support for Android
Veracode Software Composition Analysis (SCA) now supports scanning Android projects. This support includes AAR files for agent-based scans and APK and AAB files for upload scans.
September 15, 2022
SCA Support for Go Aliases
Veracode Software Composition Analysis (SCA) now supports aliases in Go projects. This support includes agent-based and upload scans.
Vulnerable Method Support for Java 17
Veracode SCA agent-based scanning now supports vulnerable method analysis for Java 17.
August 22, 2022
Set SCM URI as Project Name
You can now set the source code management (SCM) URI as your project name using the --uri-as-name option in your Veracode SCA agent-based scans.
July 22, 2022
SBOM API Support for SCA Agent-Based Scans Linked to Application Profiles
You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA agent-based scans that you have linked to an application profile. The API generates an SBOM in CycloneDX JSON format.
June 6, 2022
Generate SBOMs for SCA Agent-Based Scans with the REST API
You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA agent-based scans. The API generates an SBOM in CycloneDX JSON format.
May 9, 2022
SBOM API Support for Promoted Sandbox Scans
You can now generate a software bill of materials (SBOM) for Veracode SCA upload scans that have been promoted from sandbox to policy scans. The Veracode SCA Agent REST API includes promoted sandbox scan results when it returns a CycloneDX SBOM for an application.
SCA Upload and Scan Table Update
Veracode has removed the Number of Known Vulnerabilities by Severity column from the Applications table on the Upload and Scan page in the Veracode Platform. This update significantly reduces load times for the page. You can still view the number of known vulnerabilities by severity for each application in the application profile.
April 26, 2022
Generate SBOMs for SCA Upload Scans with the REST API
You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA upload scans. The API generates an SBOM in CycloneDX JSON format.
January 20, 2022
JSON Output for Agent-Based Scans Includes CVSS v3 Score
Veracode Software Composition Analysis (SCA) now provides the CVSS version 3 score in the JSON CLI output of your agent-based scan results. To use this feature, you must upgrade your Veracode SCA agent to version 3.7.77 or later.