Veracode Static Analysis Past Release Notes

View the list below for highlights of previous releases.

August 29, 2019

.NET 4.8 Support
Veracode has improved static analysis of .NET applications by adding initial support for .NET 4.8.
Angular 7 Support
Veracode has improved static analysis by adding support for Angular 7.
Xcode 10.3 Support
Veracode has improved static analysis of iOS applications by adding support for Xcode 10.3.
Go 1.12 Support
Veracode has improved static analysis by adding support for all versions of the Go 1.x series, including versions up to 1.12. The compilation instructions in the Veracode Help Center now recommend that you use the modules command when packaging Go applications for analysis.
.NET Dapper ORM Support
Veracode has improved static analysis of .NET applications by adding support for the Dapper ORM library. You may see additional security findings as a result of these improvements.
Auto-Scan Enabled by Default for New Application Profiles
Veracode has changed the default behavior of the Auto-Scan setting for static analysis, so that it is enabled by default for all new application profiles. After static analysis prescan completes, scans begin automatically. The Auto-Scan setting for existing application profiles is not affected by this change.

You can override this setting by setting the Auto-Scan After Prescan radio button to Off when submitting a prescan.

August 12, 2019

Swift 5 and Xcode 10.2 Support
Veracode has improved static analysis of iOS applications to support Swift 5 and Xcode 10.2.
Maven Shade Application Support
Veracode has improved static analysis of Java applications by adding support for applications packaged as uber-jars created by the Maven Shade plugin.
Improved Security for Zend Framework Applications
Veracode has improved static analysis of PHP applications written using the Zend framework by adding additional security checks.
Triage Flaws Improvements
You can now filter the list of findings by language.
Go 1.11 Support
Veracode has improved static analysis of Go applications by adding support for Go version 1.11.

June 29, 2019

Support for Ionic Framework Added
Veracode has improved static analysis by adding support for mobile applications written with the Ionic framework.
Support for React.js Version 16 Added
Veracode has improved static analysis of JavaScript applications built using React.js by adding support for React.js framework version 16.
Support for Java Version 12 Added
Veracode has improved static analysis of Java applications to support compatibility with Java version 12.
React Native Mobile Applications Analysis Improved
Veracode has simplified the process of analyzing React Native mobile applications. You can submit JavaScript source instead of built applications.
Accuracy of Zend Framework Applications Analysis Improved
Veracode has improved the accuracy of analysis of PHP applications built using the Zend framework. You may see additional findings as a result of these improvements.
Accuracy of COBOL Applications Analysis Improved
Veracode has improved the accuracy of scan results for COBOL applications. You may see additional findings as a result of these improvements.

May 30, 2019

Improved Ruby on Rails Scan Performance
Veracode has improved the performance and accuracy of Ruby on Rails scans. The Veracode Platform may report scan results for Ruby on Rails applications sooner than in past releases.

May 29, 2019

Automatic Publishing of Ruby on Rails Scans
Veracode now automatically publishes all Ruby on Rails scans, regardless of the number of flaws detected, to reduce the time until scan results become available.

April 25, 2019

Improved .NET Core Support
Veracode has improved static analysis of .NET applications by providing additional security checks for .NET Core 2.2 APIs. This enhancement may result in additional static findings in applications using .NET Core 2.2.

April 2, 2019

PL/SQL Language Support
Veracode has improved static analysis by adding support for applications written in the PL/SQL language.

March 27, 2019

Apex Language Support
Veracode has improved static analysis by adding support for applications written in the Apex language.
Adobe Experience Manager Framework Support
Veracode Static Analysis has improved support of Java applications by adding support for the Adobe Experience Manager framework. This enhancement may result in additional static findings for Java applications.
Improved PHP 7 Support
Veracode Static Analysis has improved support of PHP applications by adding new security checks for PHP 7 features. This enhancement may result in additional static findings for applications using PHP 7.
Improved Entity Framework Core 2.1 Support
Veracode Static Analysis has improved support of .NET applications that use the Entity framework by adding new security checks for Entity Framework Core 2.1 APIs. This enhancement may result in additional static findings for applications using the Entity framework.
Improved iOS 12 Support
Veracode Static Analysis has improved support of iOS applications by adding new security checks for APIs specific to iOS 12. This enhancement may result in additional static findings for applications using iOS 12 APIs.
Improved .NET 4.7 Support
Veracode Static Analysis has improved support of .NET applications by adding new security checks for APIs specific to .NET 4.7. This enhancement may result in additional static findings for .NET applications.
Improved Groovy and Grails Support
Veracode Static Analysis has improved support of Groovy and Grails applications. This enhancement may result in additional static findings for Groovy applications.

March 25, 2019

Retiring the Static Legacy Scan Engine Option
Veracode has discontinued support of the Static Analysis legacy scan feature. If this change impacts you, contact your Veracode account manager for best practices on discontinuing the use of legacy scanning in your security testing program.
Detailed Static Flaw Remediation Examples
Veracode has improved the experience for developers resolving flaws by providing detailed examples showing how to fix common security issues in Java and .NET. Access to this sample code is available from the Triage Flaws page by clicking the Additional Remediation Guidance link. The examples are hosted at https://downloads.veracode.com, which may require additional whitelisting rules to access.

March 7, 2019

Improved ASP.NET Core 2.1 Support
Veracode Static Analysis has improved support of ASP.NET applications by adding new security checks for APIs specific to ASP.NET Core 2.1. This enhancement may result in additional static findings for applications using ASP.NET Core.
.NET Core 2.2 Compatibility Support
Veracode Static Analysis has improved support of .NET applications by adding compatibility support for .NET Core 2.2.
Improved Support of Dependent Libraries in C++
Veracode Static Analysis has improved support of C++ applications by removing the requirement that you upload dependent libraries for an application. This enhancement simplifies the module selection process and reduces the number of blocking errors potentially encountered during prescan. It may result in improved scan times and fewer static findings for C++ applications.
Improved Groovy and Grails Support
Veracode Static Analysis has improved support of Groovy applications by adding new security checks for Groovy and Grails. This enhancement may result in additional static findings for Groovy applications.
Apache Chemistry Library Support
Veracode Static Analysis has improved support of Java applications by adding support for the Apache Chemistry library. This enhancement may result in additional static findings for Java applications.
Improved iOS 12 Support
Veracode Static Analysis has improved support of iOS applications by adding new security checks for APIs specific to iOS 12. This enhancement may result in additional static findings for iOS applications.
Improved Consistency in JavaScript Findings
Veracode Static Analysis has improved the consistency of results between subsequent scans of JavaScript applications.
Improved Go Packaging Instructions
Veracode has improved the packaging instructions for Go applications in the Veracode Help Center. If you have encountered errors related to the packaging of Go applications, consult the updated Compilation Guidance for Go.

January 31, 2019

Ruby on Rails 5.x Compatibility Support
Veracode Static Analysis has improved support of Ruby on Rails applications by adding compatibility support for Ruby on Rails 5.x and Ruby 2.4 and 2.5.
.NET Standard 2.x Support
Veracode Static Analysis has improved support of .NET applications by adding support for .NET Standard 2.x. This enhancement may result in additional static findings for applications using the .NET Standard platform.
User-Defined Mitigation Comments for Custom Cleansers
You now have the ability to add mitigation text to Veracode custom cleansing functions. Veracode automatically includes this text as a comment when the cleanser mitigates a finding.
Spring Data Access Support
Veracode Static Analysis has improved support of Spring applications by adding support for the Spring Data Access library. This enhancement may result in additional static findings for applications using this library.
Improved PHP Support
Veracode Static Analysis has improved support for PHP applications by more effectively filtering out third-party components from findings. This enhancement improves scan accuracy and performance and may result in fewer findings for PHP applications.
Improved JavaScript Prescan Performance
Veracode Static Analysis has improved the performance of prescans of JavaScript applications by more accurately filtering out third-party components in Node.js applications. This enhancement may result in fewer selectable modules for Node.js applications.
Improved Java 9, 10, and 11 Support
Veracode Static Analysis has improved support of Java applications by adding new security checks for APIs specific to Java 9, 10, and 11. This enhancement may result in additional static findings for Java applications.
Improved .NET Core 2.1 Support
Veracode Static Analysis has improved support of .NET Core applications by adding new security checks for APIs specific to .NET Core 2.1. This enhancement may result in additional static findings for applications using .NET Core.
Improved Angular 5 and 6 Support
Veracode Static Analysis has improved support of Angular applications by adding new security checks for functionality specific to Angular 5 and 6. This enhancement may result in additional static findings for Angular applications.
Improved Python 3 Support
Veracode Static Analysis has improved the accuracy of scans of Python applications in cases where the application contains code written in both Python 2 and Python 3 syntax. This enhancement may result in additional static findings for Python applications.
Improved Groovy and Grails Support
Veracode Static Analysis has improved support of Groovy applications by adding new security checks for Groovy and Grails. This enhancement may result in additional static findings for Groovy applications.
Apache Commons Codec Library Support
Veracode Static Analysis has improved support of Java applications by adding support for the Apache Commons Codec library. This enhancement improves scan accuracy and may result in fewer static findings for Java applications.
Improved Reporting Precision
Veracode Static Analysis results now provide a more precise location of findings that appear in dependent modules.
Improved Custom Cleanser Detection
Veracode Static Analysis now more accurately detects when findings are mitigated with custom cleansers and provides the relevant mitigation information.
Improved JSP Accuracy
Veracode Static Analysis has improved reporting accuracy for JSP applications that use custom tags by better identifying where the custom tag is implemented. This enhancement may result in additional static findings for JSP applications that use custom tags.