Veracode Software Composition Analysis Release Notes

August 15, 2019

Veracode Integrated Software Composition Analysis
Veracode Integrated Software Composition Analysis (SCA) is now available. This new product supports agent-based scans and scans of binaries uploaded to the Veracode Platform to identify your third-party components and discover security findings. Veracode Integrated SCA provides additional features, including:
  • Robust language support
  • Proprietary vulnerability data
  • Vulnerable method analysis
  • Automatic pull requests for GitHub and GitLab integrations
  • Linking applications to projects to include SCA findings in your Static Analysis and Dynamic Analysis results
For information on how to access Veracode Integrated SCA, contact your Veracode account manager.

July 23, 2019

New Video: Enable Pull Requests for GitHub for Use in Agent-Based Scans
This video shows you how to enable pull requests in GitHub so you can use automatic pull requests for agent-based scans.
New Video: Enable Pull Requests for GitLab for Use in Agent-Based Scans
This video shows you how to enable pull requests in GitLab so you can use automatic pull requests for agent-based scans.
New Video: Enable Update Advisor and Configure Agent for Automatic Pull Requests
This video shows you how to:
  • Enable the update advisor
  • Enable automatic pull requests to modify package dependency files
  • Update the libraries to the recommended safe version

July 3, 2019

SourceClear Update Advisor
You can now configure your SourceClear SCA scan results to include the update advisor. The update advisor recommends a safe version to which you can update your libraries and indicates whether the update could break a build.
Automatic Pull Requests in SourceClear
SourceClear SCA now supports automatically generating pull requests for repositories hosted in GitHub and GitLab. You can configure the parameters of the pull request generation to effectively integrate with your build process.

June 6, 2019

Swift Support in SourceClear
SourceClear SCA now supports scanning Swift libraries from the CocoaPods package manager for vulnerabilities and license risk.