An SCC is a civil contract between the EU entity and the foreign entity it wants to shovel data to, that exists outside of (or hand-in-hand with) the inter-governmental Privacy Shield-type agreements. They do not depend on or require such inter-governmental agreements to function - in fact you'd use them in lieu of such inter-governmental agreement. Therefore the concept of SCCs as a civil contract was upheld (or perhaps more accurately, not overturned).
However, the court also recognised that they are civil contracts between the business entities. As such, they are not binding on the governments (of either end), and as civil contracts they must exist within and can be overriden by local laws.
One of the clauses of an SCC requires that the non-EU entity the agreement is with to notify its EU partner if and when the laws of the local country (that is, at time of contract signing or if the local laws later change to make it so) override any SCC contractual provisions that impact privacy of the data. In this way, a, for example, US company if served by an NSL (National Security Letter that usually have criminally enforceable secrecy) doesn't have to tell the EU partner that it has been served with such, but it does have to tell the EU entity that it cannot abide by certain clauses - or the entirety - of the SCC, thus effectively terminating the contract. Although in this example, the fact that an NSL could be served, that the law allows for such, under which a non-US (hell, even effectively US) citizen has no rights, no standing, no recourse to US courts to fight it, is grounds to invoke the clause 5 (from the decision):
141 It follows that Clause 4(a) and Clause 5(a) and (b) in that annex oblige the controller established in the European Union and the recipient of personal data to satisfy themselves that the legislation of the third country of destination enables the recipient to comply with the standard data protection clauses in the annex to the SCC Decision, before transferring personal data to that third country.
There were two prominent US laws (actually a law and a Presidential Executive Order(EO)) that are the prime reasons for overturning Privacy Shield, Section 702 of the FISA, E.O. 12333, and since the mere existence of that law and EO is sufficient to overturn Privacy Shield, they necessarily also nullify SCCs with US entities. This doesn't affect SCCs with non-US entities, which would be taken on a country-by-country basis.
This is why some of the commentary says that SCCs are still valid, because they are. But they overlook the fact that SCCs with US entities are not valid.