SCA agent-based scanning

Audience: AppSec manager, Developer, Security leader

Prerequisites

• You have a user account and an application profile.

Learning objectives

Upon completion of this module, you'll be able to:

• Get started with a demo application.
• Scan your repository in a pipeline or from your desktop.
• Review and address your security findings.

Get started with a demo application
20 min

Learn how to run a simple SCA agent-based scan of a demo repository in your CLI.

1. Confirm your environment meets the SCA requirements
   ~2 min
2. Follow the SCA agent-based scan quickstart
   ~20 min

Scan your repository
~20 min

Get started running agent-based scans of your projects.

1. Create an SCA workspace
   ~3 min
2. If you are scanning in a pipeline, set up your integration
   ~10 min
3. If you are scanning from your desktop, set up your agent to scan in the CLI
   ~5 min

Link and manage findings
~15 min

Review your results. Results are available in the Veracode Platform and in your CLI or pipeline.

1. Link your project to an application to view findings from all scan types
   ~5 min
2. Prioritize and address findings
   ~10 min