Veracode Application Security Platform Release Notes

May 15, 2019

Unsubscribe from Optional Scan Notifications

Veracode now provides the option to unsubscribe from some scan notifications. Instead of receiving all the scan notifications associated with your role and team membership, you can disable the optional email notifications for specific scan types that are not relevant to you.

May 6, 2019

Updated Introduction to PCI DSS for Developers eLearning Course
Veracode has updated the eLearning course Introduction to PCI DSS for Developers to reflect the PCI standard update from version 3.2 to version 3.2.1.

April 23, 2019

Informational Findings Option in Customizable Report
Veracode now provides the option to include informational findings in your Customizable Report. Informational findings contain contextual security details that may add value to your report.

April 19, 2019

CWE Version 3.2
In the 2019.6 Veracode Platform release, Veracode will introduce support for Common Weakness Enumeration (CWE) version 3.2.

Veracode references the CWE for many of the findings discovered by its products. Updating to CWE 3.2 will impact which CWE IDs you need to fix to comply with the OWASP 2017, CERT, and PCI standards. When the June release implements this update, applications that had previously passed policy may fail if they include findings that have been added to these standards.

To understand how this change may impact your security program, see the new mappings for the OWASP and CERT standards. You can also generate a report of the applications affected by the update.

For more information about CWE 3.2, see the announcement from MITRE.

April 12, 2019

Conditional Pass Updates
Veracode now calculates grace periods based on the date a finding is first found or reopened instead of the last time a finding is found or reopened. You must fix the finding before the grace period ends to pass policy. In addition, if your policy has scan type and frequency requirements, your application fails policy until those requirements are met instead of moving into a Conditional Pass state.

Analytics Drilldown Details
Veracode Analytics now enables you to drill down to a more granular level, directly from a chart. You can click a data point in a chart or visualization to see additional data. These data points are defined by the measures used for the visualization and are available for all Veracode-defined visualizations and custom visualizations you have created for yourself or your organization.

April 5, 2019

Policy REST API
The Veracode Policy REST API enables you to create, read, update, and delete policies, and to evaluate an application or sandbox against any policy, even one not currently assigned to the application. The response from the policy evaluation shows you why the application is passing or failing policy, including scan frequency requirements and findings that are past their grace period due date.

Manual Testing REST API
The Veracode Manual Testing REST API provides access to details about published Manual Penetration Testing (MPT) scans and findings. It works with the Findings API to provide more information about MPT findings, including detailed notes from the penetration tester, screenshots, and code samples, if provided.

March 29, 2019

More Frequent Analytics Refresh
Veracode Analytics now updates every four hours, an improvement on the previous cadence of every six hours.

Largest Scan Analytics Data
Veracode Analytics has a new data point. The Largest Scan Size measure provides the size in MB of the largest static scan for the selected dimension, across all policy and sandbox scans.

March 25, 2019

PCI 3.2.1 Support
Veracode has updated its support for the PCI standard to adhere to PCI version 3.2.1, which is now reflected in the Veracode PCI Report. There are no changes to the PCI policy and the definitions of findings that fall under the PCI requirements.

Data Export Includes Informational Flaws Category
The Applications data export has a new column that contains Informational Flaws. This change affects any downstream reporting that relies on an expected column order for the Applications data export. You generate data exports from the Analytics tab in the Veracode Platform.

Analytics Static Lines of Code Measurement Update
Veracode Analytics has updated the static lines of code measurement in the Static Scan - General dimension to provide more accurate data.

New Manual Penetration Testing Finding Details API
Veracode has a new REST API that enables the retrieval of additional data about manual penetration testing (MPT) findings, including screenshots, code snippets, and detailed notes from the Veracode MPT testers. This API works together with the Findings API to provide a complete view of manual findings data.

New eLearning User Incentive Program - Learner Levels
Veracode is introducing an incentive program in which eLearning users can work towards achieving Learner Level badges while enhancing their secure coding knowledge. Learner levels are tiered categories of Veracode eLearning courses that align with the Veracode Verified program.