Veracode Application Security Platform Past Release Notes

View the list below for highlights of previous releases.

April 23, 2019

Informational Findings Option in Customizable Report
Veracode now provides the option to include informational findings in your Customizable Report. Informational findings contain contextual security details that may add value to your report.

April 19, 2019

CWE Version 3.2
In the 2019.6 Veracode Platform release, Veracode will introduce support for Common Weakness Enumeration (CWE) version 3.2.

Veracode references the CWE for many of the findings discovered by its products. Updating to CWE 3.2 will impact which CWE IDs you need to fix to comply with the OWASP 2017, CERT, and PCI standards. When the June release implements this update, applications that had previously passed policy may fail if they include findings that have been added to these standards.

To understand how this change may impact your security program, see the new mappings for the OWASP and CERT standards. You can also generate a report of the applications affected by the update.

For more information about CWE 3.2, see the announcement from MITRE.

April 12, 2019

Conditional Pass Updates
Veracode now calculates grace periods based on the date a finding is first found or reopened instead of the last time a finding is found or reopened. You must fix the finding before the grace period ends to pass policy. In addition, if your policy has scan type and frequency requirements, your application fails policy until those requirements are met instead of moving into a Conditional Pass state.
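
The effect of the anchor-date change described above, as an added example that is not Veracode's code. The status names, the 30-day grace period and the sample history are constructed, and treating the most recent reopen as the point where the clock restarts is an assumption about how "first found or reopened" applies.

```python
from datetime import date, timedelta

# Constructed scan history for one finding: (scan date, status in that scan).
# The status names are assumptions for this sketch, not Veracode API values.
HISTORY = [
    (date(2019, 1, 10), "new"),
    (date(2019, 2, 10), "open"),
    (date(2019, 3, 10), "fixed"),
    (date(2019, 4, 1), "reopened"),
    (date(2019, 4, 20), "open"),
]

def anchor_dates(history):
    """Return (current_anchor, previous_anchor) for the grace period clock."""
    events = sorted(history)
    seen = [d for d, status in events if status != "fixed"]
    if not seen:
        raise ValueError("finding was never reported as present")
    reopened = [d for d, status in events if status == "reopened"]
    # Current rule: first found, or the most recent reopen (assumption).
    current = max(reopened) if reopened else min(seen)
    # Previous rule: every scan that still reports the finding resets the clock.
    previous = max(seen)
    return current, previous

def due_dates(history, grace_days):
    """Grace period end dates under the current and the previous rule."""
    current, previous = anchor_dates(history)
    grace = timedelta(days=grace_days)
    return current + grace, previous + grace

def overdue(history, grace_days, today):
    """Report whether an unfixed finding is past its grace period under each rule."""
    if sorted(history)[-1][1] == "fixed":
        return {"current": False, "previous": False}
    current_due, previous_due = due_dates(history, grace_days)
    return {"current": today > current_due, "previous": today > previous_due}

if __name__ == "__main__":
    print(due_dates(HISTORY, 30))
    print(overdue(HISTORY, 30, date(2019, 5, 10)))
```
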
Analytics Drilldown Details
Veracode Analytics now enables you to drill down to a more granular level, directly from a chart. You can click a data point in a chart or visualization to see additional data. These data points are defined by the measures used for the visualization and are available for all Veracode-defined visualizations and custom visualizations you have created for yourself or your organization.

April 5, 2019

Policy REST API
The Veracode Policy REST API enables you to create, read, update, and delete policies. You can also use it to evaluate an application or sandbox against any policy, even one not currently assigned to the application. The response from the policy evaluation shows you why the application is passing or failing policy, including scan frequency requirements and findings that are past their grace period due date.
Manual Testing REST API
The Veracode Manual Testing REST API provides access to details about published Manual Penetration Testing (MPT) scans and findings. It works with the Findings API to provide more information about MPT findings, including detailed notes from the penetration tester, screenshots, and code samples, if provided.

March 29, 2019

More Frequent Analytics Refresh
Veracode Analytics now updates every four hours, an improvement on the previous cadence of every six hours.
Largest Scan Analytics Data
Veracode Analytics has a new data point. The Largest Scan Size measure provides the size in MB of the largest static scan for the selected dimension, across all policy and sandbox scans.

March 25, 2019

PCI 3.2.1 Support
Veracode has updated its support for the PCI standard to adhere to PCI version 3.2.1, which is now reflected in the Veracode PCI Report. There are no changes to the PCI policy and the definitions of findings that fall under the PCI requirements.
Data Export Includes Informational Flaws Category
The Applications data export has a new column that contains Informational Flaws. This change affects any downstream reporting that relies on an expected column order for the Applications data export. You generate data exports from the Analytics tab in the Veracode Platform.
Analytics Static Lines of Code Measurement Update
Veracode Analytics has updated the static lines of code measurement in the Static Scan - General dimension to provide more accurate data.
New Manual Penetration Testing Finding Details API
Veracode has a new REST API that enables the retrieval of additional data about manual penetration testing (MPT) findings, including screenshots, code snippets, and detailed notes from the Veracode MPT testers. This API works together with the Findings API to provide a complete view of manual findings data.
New eLearning User Incentive Program - Learner Levels
Veracode is introducing an incentive program in which eLearning users can work towards achieving Learner Level badges while enhancing their secure coding knowledge. Learner levels are tiered categories of Veracode eLearning courses that align with the Veracode Verified program.

February 26, 2019

Informational Findings in Applications Data Exports Report
In the 2019.3 release, Veracode will add a column to the Applications Data Exports in the Veracode Platform to include informational findings. This change affects any downstream reporting that relies on an expected column order for the Applications Data Export. You generate Data Exports from Analytics in the Veracode Platform.
Removal of the Veracode Directory
Veracode is simplifying the Veracode Platform by removing the Veracode Directory.

February 11, 2019

New Configuration Calls for Consultations
You can now schedule a consultation call for assistance with configuring a static or dynamic scan from the Veracode Platform. You can also schedule a scan results consultation call from the Application Overview page.

February 7, 2019

Manual Penetration Tests Use CVSS 3.0
Veracode Manual Penetration Tests now use Common Vulnerability Scoring System (CVSS) version 3.0 to provide you with the latest vulnerability information.
Updated Time to Resolve Calculation
In Veracode Analytics, the calculation for the Time to Resolve measure has been updated to better handle mitigations as a resolution type.

February 4, 2019

Added MPT Fields in Customizable Report
The information in the Reviewer Note, Note, and Location fields from Veracode Manual Penetration Testing (MPT) now appears in the Customizable Report.
Business Unit Filter for Veracode Analytics
You now have the ability to filter by business unit on all Veracode Dashboards to view analytics data on specific functions of your business.

January 7, 2019

Veracode Analytics General Availability
The new Veracode Analytics functionality allows you to quickly view information about your security program using built-in dashboards. You also have the ability to construct your own data visualizations and access them from personal or shared dashboards. The new analytics data includes detailed findings information, average time to remediate findings, and mitigation status reporting, and it is restructured for improved performance.