Agent scan directives
scan_collectors
By default, Veracode SCA agents find all supported build tools and package managers in the directory specified by the scan command, or the current directory for CI scans. You can use scan_collectors
to specify which build tools and package managers to use. The possible values for scan_collectors
are:
Language | Collector |
---|---|
Java |
|
Scala |
|
Go |
|
Python |
|
JavaScript |
|
Objective-C | cocoapods |
Ruby | gem |
PHP | composer |
C/C++ |
|
C#/.NET |
|
When you run the SCA agent with the --quick
option, the possible values for scan_collectors
are:
Language | Collector |
---|---|
Java | "jar quickscan" |
Scala | "jar quickscan" |
Go |
|
Python | "pipfile.lock quickscan" |
JavaScript |
|
Objective-C | "podfile.lock quickscan" |
Ruby | "gemfile.lock quickscan" |
PHP | "composer quickscan" |
C/C++ | "sofile quickscan" |
C#/.NET |
|
Example:
scan_collectors: "gem, maven"
skip_collectors
By default, Veracode SCA agents find all supported build tools and package managers in the directory specified by the scan command, or the current directory for CI scans. You can use skip_collectors
to specify which build tools and package managers to ignore when running a scan. The possible values for skip_collectors
are:
Language | Collector |
---|---|
Java |
|
Scala |
|
Go |
|
Python |
|
JavaScript |
|
Objective-C | cocoapods |
Ruby | gem |
PHP | composer |
C/C++ |
|
C#/.NET |
|
When you run the SCA agent with the --quick
option, the possible values for skip_collectors
are:
Language | Collector |
---|---|
Java | "jar quickscan" |
Scala | "jar quickscan" |
Go |
|
Python | "pipfile.lock quickscan" |
JavaScript |
|
Objective-C | "podfile.lock quickscan" |
Ruby | "gemfile.lock quickscan" |
PHP | "composer quickscan" |
C/C++ | "sofile quickscan" |
C#/.NET |
|
Example:
skip_collectors: "godep,govendor,go get"
If you include a comma-separated list with the skip_collectors
command using PowerShell, you must enclose the string in quotation marks to avoid errors.
scan_analyzers
In container scans, Veracode SCA agents find all supported build tools and package managers in the directory specified by the scan command or the current directory for CI scans, by default. You can use scan_analyzers
to specify which build tools and package managers to use. The possible values for scan_analyzers
are:
Analyzer | Package Manager | Language/Distribution |
---|---|---|
yum | yum | CentOS, RHEL |
gem | gem | Ruby |
pip2 | pip2 | Python 2 |
pip3 | pip3 | Python 3 |
npm | NPM | JavaScript |
apk | apk | Alpine |
apt | apt | Debian, Ubuntu |
Example:
scan_analyzers: "apk, yum"
skip_analyzers
In container scans, Veracode SCA agents find all supported build tools and package managers in the directory specified by the scan command or the current directory for CI scans, by default. You can use skip_analyzers
to specify which build tools and package managers to ignore when running a scan. The possible values for skip_analyzers
are:
Analyzer | Package Manager | Language/Distribution |
---|---|---|
yum | yum | CentOS, RHEL |
gem | gem | Ruby |
pip2 | pip2 | Python 2 |
pip3 | pip3 | Python 3 |
npm | NPM | JavaScript |
apk | apk | Alpine |
apt | apt | Debian, Ubuntu |
Example:
skip_analyzers: "apk, yum"
vuln_methods_ignored_directories
A comma-separated list of directories that you want Veracode to ignore during a vulnerable method analysis. This directive overrides the default directories.
Example:
vuln_methods_ignored_directories: doc
vuln_methods_extra_ignored_directories
A comma-separated list of directories that adds to the default per-language set that the agent ignores during a vulnerable method analysis.
vuln_methods_extra_ignored_directories: "doc, test"
Default values:
- Ruby:
test
- Java:
test
- Python:
test
,tests
,doc
,docs
,bin
,.virtualenv
,env
,venv
ssl_cert_dir
A filepath that specifies the directories that contain X.509 certificates that the Veracode SCA agent should trust in addition to the certificates present in the Java Runtime Environment (JRE) or stored in your operating system. If you enter multiple directories, separate the filepaths with the correct path separator for your operating system. For example, use a colon (:
) for Linux and macOS.
Default value: the certificate location directory specified in the Java Virtual Machine (JVM).
Example:
ssl_cert_dir: C:\path\to\certificate\directory
ssl_cert_file
A filepath that specifies the X.509 certificates that the Veracode SCA agent should trust in addition to the certificates present in the JRE or stored in your operating system. If you enter multiple files, separate the filepaths with the correct path separator for your operating system. For example, use a colon (:
) for Linux and macOS. If specified, this value overrides the ssl_cert_dir
directive.
Default value: the certificate location specified in the JVM.
Example:
ssl_cert_file: C:\path\to\certificate\example_cert.cer
scope
For scope options, see Multi-Language Scan Directives.