View the list below for highlights of previous releases.
August 15, 2019
- Veracode Integrated Software Composition Analysis
- Veracode Integrated Software Composition Analysis (SCA) is now available. This new
product supports agent-based scans and scans of binaries uploaded to the Veracode
Platform to identify your third-party components and discover security findings.
Veracode Integrated SCA provides additional features, including:
- Robust language support
- Proprietary vulnerability data
- Vulnerable method analysis
- Automatic pull requests for GitHub and GitLab integrations
- Linking applications to projects to include SCA findings in your Static Analysis and Dynamic Analysis results
July 23, 2019
- New Video: Enable Pull Requests for GitHub for Use in Agent-Based Scans
- This video shows you how to enable pull requests in GitHub so you can use automatic pull requests for agent-based scans.
- New Video: Enable Pull Requests for GitLab for Use in Agent-Based Scans
- This video shows you how to enable pull requests in GitLab so you can use automatic pull requests for agent-based scans.
- New Video: Enable Update Advisor and Configure Agent for Automatic Pull Requests
- This video shows you how to:
- Enable the update advisor
- Enable automatic pull requests to modify package dependency files
- Update the libraries to the recommended safe version
July 3, 2019
- SourceClear Update Advisor
- You can now configure your SourceClear SCA scan results to include the update advisor. The update advisor recommends a safe version to which you update your libraries and indicates if the update could break a build.
- Automatic Pull Requests in SourceClear
- SourceClear SCA now supports automatically generating pull requests for repositories hosted in GitHub and GitLab. You can configure the parameters of the pull request generation to effectively integrate with your build process.
June 6, 2019
- Swift Support in SourceClear
- SourceClear SCA now supports scanning Swift libraries from the CocoaPods package manager for vulnerabilities and license risk.
May 16, 2019
- C/C++ Support in SourceClear
- SourceClear SCA now supports scanning C/C++ libraries native to RHEL and CentOS for vulnerabilities and license risk.
May 14, 2019
- Unmatched Library Filter
- SourceClear SCA now provides the option to display all the third-party libraries in your workspace or project inventories that it cannot identify.
February 14, 2019
- SourceClear Container Scanning
- SourceClear SCA now supports the ability to scan Red Hat and CentOS Docker containers. You can scan containers for third-party library vulnerabilities and license risk using the command-line interface (CLI), or as part of your continuous integration (CI) pipelines.
January 18, 2019
- Issues Endpoint for SourceClear API
- SourceClear SCA has released a new endpoint to the REST API that allows you to programmatically extract the issues generated from your scans.
January 8, 2019
- New REST API for SourceClear SCA
- SourceClear SCA now supports the use of a REST API to programmatically extract
high-level workspace information on specific workspaces or all the workspaces to which
you have access. You also have the ability to filter your workspaces on library,
vulnerability, and license. Note: This release does not include the ability to extract issues found in scans on a workspace.