Install the Veracode SCA CLI agent
By default, the agent you create is not visible to team members. To allow visibility, invite teams to your workspace.
To complete this task:
- In the Veracode Platform, select Scans & Analysis > Software Composition Analysis.
- Select Agent-Based Scan.
- Select a workspace.
- Select Agents > Actions > Create.
- On the Set Up Scanner page, select the operating system for your agent.
- Open a terminal window from your desktop and copy one of the commands from the Choose install option section, depending on your preferred method of installation:
  - cURL:
      curl -sSL https://download.sourceclear.com/install | sh
  - apt-get:
      curl -sSL 'https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xdf7dd7a50b746dd4' | sudo gpg --dearmor -o /usr/share/keyrings/veracode-sca-archive.gpg
      echo 'deb [signed-by=/usr/share/keyrings/veracode-sca-archive.gpg] https://download.sourceclear.com/ubuntu stable/' | sudo tee /etc/apt/sources.list.d/veracode-sca.list
      sudo apt-get update
      sudo apt-get install srcclr
  - Add the agent-based scanning repository to your list of YUM repositories by creating a file /etc/yum.repos.d/SRCCLR.repo with this content:
      [SourceClear]
      name=SourceClear
      baseurl=https://download.sourceclear.com/redhat/x86_64/
      enabled=1
      gpgcheck=1
      gpgkey=https://download.sourceclear.com/redhat/SRCCLR-GPG-KEY
    To update and install, run:
      sudo yum update
      sudo yum install srcclr
    The first time you run this command, you are prompted to accept the GPG key.
  - APK (Alpine):
      sudo sh -c 'echo https://download.sourceclear.com/alpine/main >> /etc/apk/repositories'
      sudo wget -P /etc/apk/keys https://download.sourceclear.com/alpine/public-keys/[email protected]
      sudo apk add srcclr
  - Homebrew:
      brew tap veracode/srcclr
      brew install srcclr
  - Homebrew (if you have previously installed version 3.8.30 or earlier of the Veracode SCA agent):
      brew uninstall srcclr
      brew untap srcclr/srcclr
      brew tap veracode/srcclr
      brew install srcclr
  - Chocolatey:
      choco install srcclr
- From the Command Line Interface page in the Veracode Platform, copy the activation token under the srcclr activate command.
- Run the activate command for your region from the agent server:
  - Commercial Region: srcclr activate
  - European Region: srcclr activate --region ER
  - United States Federal Region: srcclr activate --region FED
- Paste the token you copied into your terminal and press Enter. After entering your activation token, your agent.yml configuration file installs to the ~/.srcclr folder. If that file already exists, you are prompted to enter a profile name. This profile name allows you to choose which token you use when scanning. Veracode recommends that you use the name of the workspace associated with the token.
- To verify your agent installation, run one of the following commands to ensure you scan the package manager:
  - Ant: srcclr test --ant
  - Bower: srcclr test --bower
  - Cocoapods: srcclr test --cocoapods
  - Composer: srcclr test --composer
  - Glide: srcclr test --glide
  - Go Get: srcclr test --go
  - Godep: srcclr test --godep
  - Govendor: srcclr test --govendor
  - Gradle: srcclr test --gradle
  - Ivy: srcclr test --ivy
  - Maven: srcclr test --maven
  - NPM: srcclr test --npm
  - Python: srcclr test --pip
  - Ruby Gems: srcclr test --gem
  - SBT: srcclr test --sbt
  - Trash: srcclr test --trash
  - Yarn: srcclr test --yarn
  - Nuget: srcclr test --nuget
Results:
If the CLI installs successfully, you can view all the tests with a result of PASSED.
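The apt-get and YUM install options above depend on the signed-by keyring and gpgcheck=1 settings for package signature verification. The script below is an added example, not part of the original page or Veracode's tooling, that audits those two repository definitions for signature enforcement and HTTPS transport. The function names are hypothetical and the default paths are the ones used on this page.

```sh
#!/bin/sh
# Added example: audit the repository definitions created by the apt-get and
# YUM install options for signature enforcement and HTTPS transport.

# Print the value of KEY from an INI-style file (assumes one repo section).
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Every deb line must pin a keyring with signed-by and fetch over HTTPS.
check_apt_source() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "missing: $file"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in deb\ *|deb-src\ *) ;; *) continue ;; esac
        case $line in
            *"[signed-by="*|*" signed-by="*) ;;
            *) echo "$file: no signed-by keyring: $line"; rc=1 ;;
        esac
        url=$(printf '%s\n' "$line" |
            sed -e 's/^deb[^ ]* *//' -e 's/^\[[^]]*\] *//' -e 's/ .*//')
        case $url in
            https://*) ;;
            *) echo "$file: repository is not https: $url"; rc=1 ;;
        esac
    done < "$file"
    return $rc
}

# The repo file must keep gpgcheck=1 and use HTTPS for baseurl and gpgkey.
check_yum_repo() {
    file=$1; rc=0
    [ -r "$file" ] || { echo "missing: $file"; return 2; }
    [ "$(ini_get "$file" gpgcheck)" = "1" ] || { echo "$file: gpgcheck is not 1"; rc=1; }
    for key in baseurl gpgkey; do
        case $(ini_get "$file" "$key") in
            https://*) ;;
            *) echo "$file: $key is not an https:// URL"; rc=1 ;;
        esac
    done
    return $rc
}

# Check whichever definition exists; arguments override the page's paths.
audit_sca_repos() {
    apt=${1:-/etc/apt/sources.list.d/veracode-sca.list}
    yum=${2:-/etc/yum.repos.d/SRCCLR.repo}
    overall=0
    if [ -e "$apt" ]; then check_apt_source "$apt" || overall=1; fi
    if [ -e "$yum" ]; then check_yum_repo "$yum" || overall=1; fi
    return $overall
}
```

Source the file and run audit_sca_repos on the agent server. A non-zero exit status means a repository definition no longer enforces signature checking or HTTPS.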