Skip to main content

SCA Updates - Commercial

· 4 min read

The updates on this page apply to Veracode Software Composition Analysis (SCA) in the Commercial Region.

March 16, 2023

New Mitigation Type Available for SCA Upload Scans

You can now choose to accept the risk of specific vulnerabilities and licenses as part of your mitigation process for Veracode SCA upload scans. This mitigation type is already available for Veracode Static Analysis and Dynamic Analysis.

February 3, 2023

Region Flag for Agent-Based Scans

Veracode SCA agent-based scans now provide a region flag that you can use to configure accounts in the European Region and United States Federal Region.

February 2, 2023

JRE Upgrade for SCA Agent

Veracode has upgraded the Java Runtime Environment (JRE) that is bundled with the Software Composition Analysis (SCA) agent.

January 13, 2023

Improved SCA Support for Python 3

Veracode Software Composition Analysis (SCA) agent-based scans now more effectively locate local Python 3 installations.

December 14, 2022

SCA Support for Android

Veracode Software Composition Analysis (SCA) now supports scanning Android projects. This support includes AAR files for agent-based scans and APK and AAB files for upload scans.

September 15, 2022

SCA Support for Go Aliases

Veracode Software Composition Analysis (SCA) now supports aliases in Go projects. This support includes agent-based and upload scans.

Vulnerable Method Support for Java 17

Veracode SCA agent-based scanning now supports vulnerable method analysis for Java 17.

August 22, 2022

Set SCM URI as Project Name

You can now set the source code management (SCM) URI as your project name using the --uri-as-name option in your Veracode SCA agent-based scans.

July 22, 2022

SBOM API Support for SCA Agent-Based Scans Linked to Application Profiles

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA agent-based scans that you have linked to an application profile. The API generates an SBOM in CycloneDX JSON format.

June 6, 2022

Generate SBOMs for SCA Agent-Based Scans with the REST API

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA agent-based scans. The API generates an SBOM in CycloneDX JSON format.

May 9, 2022

SBOM API Support for Promoted Sandbox Scans

You can now generate a software bill of materials (SBOM) for Veracode SCA upload scans that have been promoted from sandbox to policy scans. The Veracode SCA Agent REST API includes promoted sandbox scan results when it returns a CycloneDX SBOM for an application.

SCA Upload and Scan Table Update

Veracode has removed the Number of Known Vulnerabilities by Severity column from the Applications table on the Upload and Scan page in the Veracode Platform. This update significantly reduces load times for the page. You can still view the number of known vulnerabilities by severity for each application in the application profile.

April 26, 2022

Generate SBOMs for SCA Upload Scans with the REST API

You can now use the Veracode SCA Agent REST API to create a software bill of materials (SBOM) from the results of your Veracode SCA upload scans. The API generates an SBOM in CycloneDX JSON format.

January 20, 2022

JSON Output for Agent-Based Scans Includes CVSS v3 Score

Veracode Software Composition Analysis (SCA) now provides the CVSS version 3 score in the JSON CLI output of your agent-based scan results. To use this feature, you must upgrade your Veracode SCA agent to version 3.7.77 or later.