Veracode SCA remediation guidance
These guidelines can help you lower your application risk in Veracode Software Composition Analysis.
-
Download the latest version, or least-vulnerable version of the component.
noteThe latest version of the component is not always the least vulnerable.
-
Replace the vulnerable component with a different component with similar functionality.
-
Use environmental controls to suppress application risk. If you are using the vulnerable portion of the component, try a workaround.
-
Mitigate the functionality of the vulnerability or license in the component.
-
Build your own secure component.