
Manage findings

During security scanning, Veracode uses specific methodologies and techniques to determine the overall security score of your applications. Veracode provides the scan results in various reports, which you can review to understand the security of your applications and to determine the next steps for addressing security findings.

Fix findings with Veracode Fix

About Veracode Fix

Use AI-generated code fixes to patch findings from a Static Analysis.

Understanding Veracode methodologies

These topics explain the methodologies and techniques that Veracode uses to produce a security score of your applications:

About the Veracode Methodology

Veracode uses multiple analysis techniques to provide a consolidated application security rating.

About Business Criticality

Your application security policy is based on the business criticality for the application or the level of risk the application can tolerate based on its anticipated use.

Scoring Methodology

The Veracode scoring system is based on industry-standard classifications of security findings and exploit impact.

Veracode and the CWE

Veracode uses the industry-standard Common Weakness Enumeration (CWE) as a taxonomy for findings.

Understanding Severity and Exploitability

Severity and exploitability are different measures of the seriousness of a finding.

Best Practice Findings

Veracode can detect certain uses of security best practices.

About Manual Assessments

Manual assessments may provide some additional types of information about the security of an application.

Accessing reports

These topics describe how to access different downloadable views of the application findings. The Summary Report is available for all third-party and open-source applications. The Detailed Report and Detailed XML Reports are available for internally developed and maintained applications.

Download a Summary Report

Download a summary of the findings identified for your application. The summary does not contain detailed findings information.

Access the PCI Report

View and download a report that evaluates your application against the latest PCI standard.

Download the Detailed XML Report

Download a copy of the detailed results for your application in XML format.

View the Dynamic Analysis Coverage Report

Get Dynamic Analysis information about the scan coverage of your application.

Share VAST vendor shared reports

VAST program vendor users can share results of their latest scans to an enterprise organization.

Download VAST vendor shared reports

VAST program enterprise users can access results from vendor application scans.

If you need further assistance understanding your scan results, schedule a consultation call with Veracode Technical Support.