You must have the Security Lead, Workspace Administrator, or
Workspace Editor role
to link projects to
Linking a project to an application sends the inventory of that project to the
application profile, allowing the application profile to reflect all libraries and
vulnerabilities found through agent-based scans.
You can link multiple projects to an application. If you want to link one project to
multiple applications, you need to scan that project under multiple workspaces, then link
each instance of that project to a different application.
Veracode only supports evaluating applications against your Veracode policy when you
scan with the upload and scan method. Therefore, you must perform an upload scan to
allow Veracode to evaluate the policy status of third-party libraries included in an
application profile through a linked project. To extract findings from linked
projects using an API, Veracode recommends you use the Findings REST
To link a project to an application: