Include SCA findings in policy
You can restrict an application from using vulnerable third-party components by adding Veracode Software Composition Analysis (SCA) requirements to your policy.
You can also assign a policy to a workspace used for SCA agent-based scans.