veracode · Nigel-Bradley · May 29, 2026
diff --git a/README.md b/README.md
@@ -122,6 +122,11 @@ __Optional__ - do not include dependency graphs in the JSON output.
 
 Default Value: __false__
 
+### `no-upload`
+__Optional__ - run the Veracode SCA scan with `--no-upload` to skip uploading scan results to the Veracode platform.
+
+Default Value: __false__
+
 ## Examples
 
 ### Scan your repository with textual output

diff --git a/action.yml b/action.yml
@@ -57,6 +57,10 @@ inputs:
     description: "Run the SRCCLR with the `--no-graphs` option"
     required: false
     default: "false"
+  no-upload:
+    description: "Run the SRCCLR with the `--no-upload` option to skip uploading scan results to the Veracode platform"
+    required: false
+    default: "false"
   platformType:
     description: 'Specifies the platform environment type — use CLOUD for GitHub.com or ENTERPRISE for GitHub Enterprise Server (GHES).'
     default: 'CLOUD'

diff --git a/dist/index.js b/dist/index.js
diff --git a/src/action.ts b/src/action.ts
@@ -18,6 +18,7 @@ const options: Options = {
     debug: core.getBooleanInput('debug'),
     "skip-vms": core.getBooleanInput('skip-vms'),
     "no-graphs": core.getBooleanInput('no-graphs'),
+    noUpload: core.getBooleanInput('no-upload'),
     recursive: core.getBooleanInput('recursive'),
     "skip-collectors": core.getInput('skip-collectors').split(','),
     "scan-collectors": core.getInput('scan-collectors').split(','),

diff --git a/src/options.d.ts b/src/options.d.ts
@@ -12,6 +12,7 @@ export interface Options {
     recursive:boolean,
     "skip-vms":boolean,
     "no-graphs":boolean,
+    noUpload: boolean,
     "skip-collectors": Array<string>,
     "scan-collectors": Array<string>
     platformType: string,

diff --git a/src/srcclr.ts b/src/srcclr.ts
@@ -188,7 +188,7 @@ async function runScan(options: Options): Promise<void> {
         // Always use the base artifact name regardless of output format
         // (whether it contains JSON+TXT with --show-cli or TXT only)
         const artifactNameBase = 'Veracode Agent Based SCA Results';
-        extraCommands = `${extraCommands}${options.recursive ? '--recursive ' : ''}${options.quick ? '--quick ' : ''}${options.allowDirty ? '--allow-dirty ' : ''}${options.updateAdvisor ? '--update-advisor ' : ''}${skipVMS ? '--skip-vms ' : ''}${noGraphs ? '--no-graphs ' : ''}${options.debug ? '--debug ' : ''}${skipCollectorsAttr}${scanCollectorsAttr}`;
+        extraCommands = `${extraCommands}${options.recursive ? '--recursive ' : ''}${options.quick ? '--quick ' : ''}${options.allowDirty ? '--allow-dirty ' : ''}${options.updateAdvisor ? '--update-advisor ' : ''}${skipVMS ? '--skip-vms ' : ''}${noGraphs ? '--no-graphs ' : ''}${options.noUpload ? '--no-upload ' : ''}${options.debug ? '--debug ' : ''}${skipCollectorsAttr}${scanCollectorsAttr}`;
 
         if (runnerOS == 'Windows') {
             const powershellCommand = `powershell -NoProfile -ExecutionPolicy Bypass -Command "Invoke-WebRequest https://sca-downloads.veracode.com/ci.ps1 -OutFile $env:TEMP\\ci.ps1; & $env:TEMP\\ci.ps1 -s -- scan ${extraCommands} ${commandOutput}"`

diff --git a/src/test/testRun.ts b/src/test/testRun.ts
@@ -19,6 +19,7 @@ const options: Options = {
     recursive:false,
     "skip-vms":false,
     "no-graphs":false,
+    noUpload: false,
     platformType:'CLOUD',
     breakBuildOnPolicyFindings:'false',
     scaFixEnabled: false,