Veracode Software Composition Analysis Past Release Notes

Veracode Release Notes

View the list below for highlights of previous releases.

August 15, 2019

Veracode Integrated Software Composition Analysis
Veracode Integrated Software Composition Analysis (SCA) is now available. This new product supports agent-based scans and scans of binaries uploaded to the Veracode Platform to identify your third-party components and discover security findings. Veracode Integrated SCA provides additional features, including:
  • Robust language support
  • Proprietary vulnerability data
  • Vulnerable method analysis
  • Automatic pull requests for GitHub and GitLab integrations
  • Linking applications to projects to include SCA findings in your Static Analysis and Dynamic Analysis results
For information on how to access Veracode Integrated SCA, contact your Veracode account manager.

July 23, 2019

New Video: Enable Pull Requests for GitHub for Use in Agent-Based Scans
This video shows you how to enable pull requests in GitHub so you can use automatic pull requests for agent-based scans.
New Video: Enable Pull Requests for GitLab for Use in Agent-Based Scans
This video shows you how to enable pull requests in GitLab so you can use automatic pull requests for agent-based scans.
New Video: Enable Update Advisor and Configure Agent for Automatic Pull Requests
This video shows you how to:
  • Enable the update advisor
  • Enable automatic pull requests to modify package dependency files
  • Update the libraries to the recommended safe version

July 3, 2019

SourceClear Update Advisor
You can now configure your SourceClear SCA scan results to include the update advisor. The update advisor recommends a safe version to which you can update your libraries and indicates whether the update could break a build.
Automatic Pull Requests in SourceClear
SourceClear SCA now supports automatically generating pull requests for repositories hosted in GitHub and GitLab. You can configure the parameters of the pull request generation to effectively integrate with your build process.

June 6, 2019

Swift Support in SourceClear
SourceClear SCA now supports scanning Swift libraries from the CocoaPods package manager for vulnerabilities and license risk.

May 16, 2019

C/C++ Support in SourceClear
SourceClear SCA now supports scanning C/C++ libraries native to RHEL and CentOS for vulnerabilities and license risk.

May 14, 2019

Unmatched Library Filter
SourceClear SCA now provides the option to display all the third-party libraries in your workspace or project inventories that it cannot identify.

February 14, 2019

SourceClear Container Scanning
SourceClear SCA now supports scanning Red Hat and CentOS Docker containers. You can scan containers for third-party library vulnerabilities and license risk using the command-line interface (CLI) or as part of your continuous integration (CI) pipelines.

January 18, 2019

Issues Endpoint for SourceClear API
SourceClear SCA has added a new endpoint to the REST API that allows you to programmatically extract the issues generated from your scans.

January 8, 2019

New REST API for SourceClear SCA
SourceClear SCA now provides a REST API to programmatically extract high-level workspace information for specific workspaces or for all the workspaces to which you have access. You can also filter your workspaces by library, vulnerability, and license.
Note: This release does not include the ability to extract issues found in scans on a workspace.