August 15, 2019
Integrated Software Composition Analysis
- Veracode Integrated Software Composition Analysis (SCA) is now available. This new
product supports agent-based scans and scans of binaries uploaded to the Veracode
Platform to identify your third-party components and discover security findings.
Veracode Integrated SCA provides additional features, including:
For information on how to access Veracode Integrated SCA, contact your Veracode
- Robust language support
- Proprietary vulnerability data
- Vulnerable method analysis
- Automatic pull requests for GitHub and GitLab integrations
- Linking applications to projects to include SCA findings in your Static Analysis
and Dynamic Analysis results
July 3, 2019
- SourceClear Update
- You can now configure your SourceClear SCA scan results to include the update advisor.
The update advisor recommends a safe version to which you update your libraries and
indicates if the update could break a build.
- Automatic Pull Requests in
- SourceClear SCA now supports automatically generating pull requests for repositories
hosted in GitHub and GitLab. You can configure the parameters of the pull request
generation to effectively integrate with your build process.
June 6, 2019
- Swift Support in
- SourceClear SCA now supports scanning Swift libraries from the CocoaPods package
manager for vulnerabilities and license risk.