GRC integrations

Veracode provides integrations for Governance, Risk, and Compliance (GRC), including vulnerability management and workflow orchestration. The Veracode integrations for GRC platforms enable you to include security vulnerabilities found by Veracode in the reporting of enterprise-wide risk assessments, providing a single-pane view for all risk factors. Code vulnerabilities are integrated into the GRC objectives, making enterprise software security part of the overall risk management strategy.

To interact with other users of these integrations, visit the Community forum.

Note: Veracode APIs and integrations require access to specific Region Domains, depending on the region for your Veracode account. Contact your IT team to ensure the correct domains for your region are on the allowlist for your organization. Also, ensure that there is one-way communication on port 443 to the domain for the REST APIs. Refer to the complete list of domains and IP addresses to add to your allowlist.

Select from the following GRC integrations:

BMC Compuware Topaz Workbench

Veracode for Topaz Workbench integrates the Veracode Static for Eclipse plugin with BMC Compuware Topaz Workbench, which enables you to run Veracode security scans of mainframe applications. Topaz Workbench edits and debugs the code, then the Veracode integration scans the code for security risks. Developers can shift left and scan code for security defects early in the SDLC. The integration supports several languages, including COBOL.

Integration type: Partner

Broadcom Automic

Veracode for Broadcom Automic enables you to manage users, create summary reports, start scans, and create application profiles from within Automic Automation. Broadcom develops and supports this integration.

Supported scan types: Static Analysis (SAST)

Integration type: Partner

Code Dx

Veracode for Code Dx imports Veracode findings into Code Dx. The Code Dx platform de-duplicates, normalizes, and correlates all findings from all application security testing tools into a single, coherent, prioritized list. Code Dx orchestrates scan automation, automates triage and prioritization of findings, and tracks remediation, while continuously assessing the security risks across the entire SDLC.

Supported scan types: Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA)

Synopsys is a member of the Veracode Technology Alliance Program.

Integration type: Partner

Cybeats

Veracode for Cybeats integrates Veracode SBOM management with Cybeats SBOM Studio to provide you with richer software supply chain intelligence. It enables you to visually and effectively manage your SBOMs throughout the SDLC. The integration continuously monitors the SBOMs for new vulnerabilities, data integrity, and hierarchy, and checks that they meet the requirements for common SBOM standards, such as CycloneDX and SPDX. You can visualize the risk and extract more value from your SBOMs to meet compliance, improve operational efficiency, and increase revenue.

Integration type: Partner

DefectDojo

Use DefectDojo to import and manage Dynamic Analysis vulnerabilities from DAST Essentials.

Integration type: Community

Faraday (Infobyte)

Use Faraday to import and manage Dynamic Analysis vulnerabilities from DAST Essentials.

Integration type: Community

Harness (ZeroNorth)

Veracode for Harness imports Veracode findings into Harness. The Harness platform centrally orchestrates Veracode application security scanning. It automatically manages and unifies discovered findings for security and development teams to use. Security and business executives can gain critical visibility into their overall security posture, as well as a common framework for understanding and managing risk.

Supported scan types: Static Analysis (SAST), Software Composition Analysis (SCA)

Harness is a member of the Veracode Technology Alliance Program.

Integration type: Partner

Kenna Security

Veracode for Kenna Security imports Veracode findings into the Kenna Security defect-tracking system.

Supported scan types: Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA)

Kenna Security is a member of the Veracode Technology Alliance Program.

Integration type: Partner

Kondukto

Veracode for Kondukto imports Veracode findings into the Kondukto DevOps platform. The platform provides a single, holistic, correlated view of findings discovered at all stages of software development from all application security tools.

Supported scan types: Static Analysis (SAST), Software Composition Analysis (SCA)

Kondukto is a member of the Veracode Technology Alliance Program.

Integration type: Partner

Kovair

Veracode for Kovair enables the Kovair DevOps platform to automate Static Analysis and Dynamic Analysis scans in your DevOps pipelines. You can use the management dashboards in Kovair DevOps for compliance and governance of Veracode findings.

Supported scan types: Static Analysis (SAST), Dynamic Analysis (DAST)

Kovair is a member of the Veracode Technology Alliance Program.

Integration type: Partner

Oobeya

Veracode for Oobeya imports findings from Veracode scans to the Oobeya software engineering intelligence platform. The Oobeya platform collects and analyzes data related to software development, delivery, and agile board activities, such as commits, pull requests, deployments, and issues. It generates actionable insights at various levels, including individual, team, organizational, and system levels. Software organizations can use the platform to gather and analyze data from various sources to make informed decisions and optimize their development and delivery processes.

Supported scan types: Static Analysis (SAST), Dynamic Analysis (DAST), Software Composition Analysis (SCA)

Oobeya is a member of the Veracode Technology Alliance Program.

Integration type: Partner