Veracode Static Analysis Past Release Notes

Veracode Release Notes

View the list below for highlights of previous releases.

April 25, 2019

Improved .NET Core Support
Veracode has improved static analysis of .NET applications by providing additional security checks for .NET Core 2.2 APIs. This enhancement may result in additional static findings in applications using .NET Core 2.2.

April 2, 2019

PL/SQL Language Support
Veracode has improved static analysis by adding support for applications written in the PL/SQL language.

March 27, 2019

Apex Language Support
Veracode has improved static analysis by adding support for applications written in the Apex language.
Adobe Experience Manager Framework Support
Veracode Static Analysis has improved support of Java applications by adding support for the Adobe Experience Manager framework. This enhancement may result in additional static findings for Java applications.
Improved PHP 7 Support
Veracode Static Analysis has improved support of PHP applications by adding new security checks for PHP 7 features. This enhancement may result in additional static findings for applications using PHP 7.
Improved Entity Framework Core 2.1 Support
Veracode Static Analysis has improved support of .NET applications that use the Entity framework by adding new security checks for Entity Framework Core 2.1 APIs. This enhancement may result in additional static findings for applications using the Entity framework.
Improved iOS 12 Support
Veracode Static Analysis has improved support of iOS applications by adding new security checks for APIs specific to iOS 12. This enhancement may result in additional static findings for applications using iOS 12 APIs.
Improved .NET 4.7 Support
Veracode Static Analysis has improved support of .NET applications by adding new security checks for APIs specific to .NET 4.7. This enhancement may result in additional static findings for .NET applications.
Improved Groovy and Grails Support
Veracode Static Analysis has improved support of Groovy and Grails applications. This enhancement may result in additional static findings for Groovy applications.

March 25, 2019

Retiring the Static Legacy Scan Engine Option
Veracode has discontinued support of the Static Analysis legacy scan feature. If this change impacts you, contact your Veracode account manager for best practices on discontinuing the use of legacy scanning in your security testing program.
Detailed Static Flaw Remediation Examples
Veracode has improved the experience for developers resolving flaws by providing detailed examples showing how to fix common security issues in Java and .NET. Access to this sample code is available from the Triage Flaws page by clicking the Additional Remediation Guidance link. The examples are hosted at https://downloads.veracode.com, which may require additional whitelisting rules to access.

March 7, 2019

Improved ASP.NET Core 2.1 Support
Veracode Static Analysis has improved support of ASP.NET applications by adding new security checks for APIs specific to ASP.NET Core 2.1. This enhancement may result in additional static findings for applications using ASP.NET Core.
.NET Core 2.2 Compatibility Support
Veracode Static Analysis has improved support of .NET applications by adding compatibility support for .NET Core 2.2.
Improved Support of Dependent Libraries in C++
Veracode Static Analysis has improved support of C++ applications by removing the requirement that you upload dependent libraries for an application. This enhancement simplifies the module selection process and reduces the number of blocking errors potentially encountered during prescan. It may result in improved scan times and fewer static findings for C++ applications.
Improved Groovy and Grails Support
Veracode Static Analysis has improved support of Groovy applications by adding new security checks for Groovy and Grails. This enhancement may result in additional static findings for Groovy applications.
Apache Chemistry Library Support
Veracode Static Analysis has improved support of Java applications by adding support for the Apache Chemistry library. This enhancement may result in additional static findings for Java applications.
Improved iOS 12 Support
Veracode Static Analysis has improved support of iOS applications by adding new security checks for APIs specific to iOS 12. This enhancement may result in additional static findings for iOS applications.
Improved Consistency in JavaScript Findings
Veracode Static Analysis has improved the consistency of results between subsequent scans of JavaScript applications.
Improved Go Packaging Instructions
Veracode has improved the packaging instructions for Go applications in the Veracode Help Center. If you have encountered errors related to the packaging of Go applications, consult the updated Compilation Guidance for Go.

January 31, 2019

Ruby on Rails 5.x Compatibility Support
Veracode Static Analysis has improved support of Ruby on Rails applications by adding compatibility support for Ruby on Rails 5.x and Ruby 2.4 and 2.5.
.NET Standard 2.x Support
Veracode Static Analysis has improved support of .NET applications by adding support for .NET Standard 2.x. This enhancement may result in additional static findings for applications using the .NET Standard platform.
User-Defined Mitigation Comments for Custom Cleansers
You now have the ability to add mitigation text to Veracode custom cleansing functions. Veracode automatically includes this text as a comment when the cleanser mitigates a finding.
Spring Data Access Support
Veracode Static Analysis has improved support of Spring applications by adding support for the Spring Data Access library. This enhancement may result in additional static findings for applications using this library.
Improved PHP Support
Veracode Static Analysis has improved support for PHP applications by more effectively filtering out third-party components from findings. This enhancement improves scan accuracy and performance and may result in fewer findings for PHP applications.
Improved JavaScript Prescan Performance
Veracode Static Analysis has improved the performance of prescans of JavaScript applications by more accurately filtering out third-party components in Node.js applications. This enhancement may result in fewer selectable modules for Node.js applications.
Improved Java 9, 10, and 11 Support
Veracode Static Analysis has improved support of Java applications by adding new security checks for APIs specific to Java 9, 10, and 11. This enhancement may result in additional static findings for Java applications.
Improved .NET Core 2.1 Support
Veracode Static Analysis has improved support of .NET Core applications by adding new security checks for APIs specific to .NET Core 2.1. This enhancement may result in additional static findings for applications using .NET Core.
Improved Angular 5 and 6 Support
Veracode Static Analysis has improved support of Angular applications by adding new security checks for functionality specific to Angular 5 and 6. This enhancement may result in additional static findings for Angular applications.
Improved Python 3 Support
Veracode Static Analysis has improved the accuracy of scans of Python applications in cases where the application contains code written in both Python 2 and Python 3 syntax. This enhancement may result in additional static findings for Python applications.
Improved Groovy and Grails Support
Veracode Static Analysis has improved support of Groovy applications by adding new security checks for Groovy and Grails. This enhancement may result in additional static findings for Groovy applications.
Apache Commons Codec Library Support
Veracode Static Analysis has improved support of Java applications by adding support for the Apache Commons Codec library. This enhancement improves scan accuracy and may result in fewer static findings for Java applications.
Improved Reporting Precision
Veracode Static Analysis results now provide a more precise location of findings that appear in dependent modules.
Improved Custom Cleanser Detection
Veracode Static Analysis now more accurately detects when findings are mitigated with customer cleansers and provides the relevant mitigation information.
Improved JSP Accuracy
Veracode Static Analysis has improved reporting accuracy for JSP applications that use custom tags by better identifying where the custom tag is implemented. This enhancement may result in additional static findings for JSP applications that use custom tags.