The user is requesting the ability to specify which files and folders should be included in Veracode scans via the Harness Native Plugin step. Currently, the plugin scans all content including third-party dependencies, causing false failures when transitive dependencies of packages like boto3 contain vulnerabilities — even when the direct dependency version is non-vulnerable.
For example, in a Python Lambda project, we want to scope the scan to only src, requirements.txt, and .toml files rather than scanning all packages and transitive dependencies. Currently, there is no option to configure an inclusion list in the Veracode Native Plugin step. Please add support for specifying files and folders to include in the scan.
Created by Brijesh Jagani