Veracode Application Security Platform Release Notes

Veracode Release Notes

August 27, 2019

Veracode Analytics Reports Show User Roles and SAML Authentication
You can now create Veracode Analytics reports that include a list of roles assigned to each user and show which users are using SAML authentication.

August 14, 2019

New Video - Create a New Application Profile in the Veracode Platform
This video shows you how to create a new application profile in the Veracode Platform.
New User Roles and SAML Data Available in Analytics
You can now build reports in Veracode Analytics that include the list of roles assigned to a user and indicate if a user chose SAML for authentication.

August 5, 2019

New Video - Create and Manage Users and Teams in the Veracode Platform
This video shows you how to create and manage users and teams in the Veracode Platform.

August 1, 2019

Triage Flaws Links to New eLearning Secure Coding Courses
In the Static Analysis Triage Flaws page, the CWE findings are updated to link to new recommended eLearning Secure Coding courses for Python and OWASP 2017.

July 20, 2019

Update to CWE Version 3.3
Veracode has updated the CWEs we support to conform to the new CWE version 3.3.
Greenlight Usage Dashboard in Analytics
If you are a Greenlight user, you can now access scan usage data directly in Veracode Analytics. Veracode provides a dashboard with relevant information as well as an Explore where you can create reports and visualizations for your Greenlight data from a blank template. If you are not a Greenlight user, you see the Greenlight dashboard and Explore but no data is available.
Remediation Guidance and Code Examples Available in eLearning
Veracode now provides in eLearning remediation guidance with code examples in .NET and Java for seven CWEs. You can access this information in the eLearning Knowledge Base by clicking the links within the following flaw categories:
  • Directory Traversal (CWE-73)
  • OS Command Injection (CWE-78)
  • Cross Site Scripting [XSS] (CWE-80)
  • SQL Injection (CWE-89)
  • CRLF Injection in Logs (CWE-117)
  • Information Leakage (CWE-209)
  • Open Redirects (CWE-601)
AppSec Tutorials Available from the Triage Flaws Page

All Veracode Platform users can now access AppSec tutorials via links on the Triage Flaws page. The tutorials provide detailed information to help you better understand scan findings and remediation.

July 10, 2019

Email Subscriptions for Veracode News and Product Updates
In the Veracode Platform, you can now subscribe to emails about the latest product updates, industry news, and Veracode events.

July 8, 2019

Retiring Basic Authentication for APIs and Integrations
In the September 2019 Veracode Platform release, Veracode will retire basic authentication for Veracode integrations and XML APIs. Basic authentication consists of only a username and password. If you currently use basic authentication, complete these steps:
  1. Generate API ID and key credentials for your Veracode Platform account.
  2. Configure your integration to use API ID and key credentials. This step applies to officially supported Veracode integrations and custom-scripted integrations.
    Note: The Veracode Java and C# API wrappers support API ID and key credentials. For other custom integrations, you must include HMAC signing in your script.

For more information, see the Veracode Community or contact Veracode Technical Support.

CWE Version 3.2
Veracode now supports Common Weakness Enumeration (CWE) version 3.2.

Veracode references the CWE for many of the findings discovered through its products. Updating to CWE 3.2 impacts which CWE IDs you need to fix to comply with the OWASP 2017, CERT, and PCI standards. Applications that had previously passed policy may fail if they include findings that are now included in these standards.

To understand how this change impacts your security program, see the new mappings for each security standard.

For more information about CWE 3.2, see the announcement from MITRE.

July 1, 2019

SSL Certificates Will Begin to Expire
Starting mid-July 2019, Veracode SSL certificates that may be embedded in local trust stores will begin to expire. If this change affects your use of the Veracode APIs, read more in the Help Center for instructions on resolving the issue.