June 29, 2020
- New Accept the Risk Mitigation Type
- Veracode now allows you to resolve a finding by stating that your business is willing to accept the risk associated with that finding. This mitigation type allows you to track and report the risk while continuing to maintain the mitigation and resolution approval process. Veracode updated the mitigationinfo.xsd file to include this mitigation type.
June 27, 2020
- Veracode Policies Now Support 2019 CWE Top 25 Security Standard
- Veracode updated the PCI security standard in the Veracode Platform to include the 2019 CWE Top 25 Security Standard, previously called the SANS Top 25 standard. Applications with findings included in the new standard may fail the PCI policy or PCI standard requirement as a result. Veracode applies the update to applications upon rescan.
- Enhancements to eLearning Curriculum Creation
- Veracode has improved the user interface for creating an eLearning curriculum to make it easier for administrators to identify courses to add to a curriculum. The new user interface now includes the length and description of each course. When selecting courses, the administrator can also use a checkbox to make courses required.
June 16, 2020
- Veracode Analytics Provides Ignored Issue SCA Data
- Veracode Analytics now supports SCA agent-based scan issue data about ignored issues, including details of when a user ignored an issue and the username for the user who ignored the issue.
June 11, 2020
- New Sandbox Attributes Added to Veracode Analytics
- Veracode Analytics now provides attributes for tracking sandbox usage. You can view sandbox expiration dates and determine if the Veracode Platform sandboxes are configured for Veracode to automatically recreate them after expiration.
- New Dynamic Analysis Dimensions Available in Veracode Analytics
- Veracode Analytics now provides the Dynamic Analysis fields Path and Vulnerable Parameter, which allow you to better focus and prioritize your remediation efforts.
June 8, 2020
- SCA Agent Data Available in Veracode Analytics
- The Software Composition Analysis (SCA) dashboard is updated in Veracode Analytics to reflect recommended charts for tracking your use of SCA agent-based and upload-and-scan workflows. In addition, Veracode Analytics provides two new explores for SCA agent data: SCA Agent Issues and SCA Agent Scans. These explores enable you to create your own charts and dashboards, providing a better understanding of your open-source risk.
June 2, 2020
- Bulk Actions for eLearning Administrators
Veracode eLearning administrators can now apply actions, including assigning learners to tracks or curricula and enabling automatic track extensions, to multiple users at once. This enhancement simplifies the process of onboarding and managing eLearning users.
May 28, 2020
- Update to Industry Values in Application Profile
- Veracode has updated the values for industries in application profiles to more accurately reflect the market. Because applications include industry values to help inform the Veracode State of Software Security report, this change affects the createapp.do and updateapp.do XML API calls.
- If you have a script coded with an expected value for the industry field, please update your script to reflect the updated values or use the default value already provided.
May 13, 2020
- Analytics Scan Frequency Requirements Data
Veracode Analytics now provides visibility into scan frequency requirements for an application. These requirements include the frequency mandated by the policy, upcoming scan due dates, and any past due dates.
May 7, 2020
- New Team Admin Role
- Veracode has added the new Team Admin user role that an administrator can grant to users. With the Team Admin role, you can create, edit, and delete users within the teams you manage. This new role makes it easier for organizations to manage permissions for a large number of users.
- New Mitigation Type
- Veracode has added a new mitigation type to allow you to propose mitigations using the mitigation type Mitigated - Referred to Library Maintainer. You can classify findings related to libraries developed by another development team. Another development team may build libraries in-house, but they may not own the application Veracode is scanning.
April 30, 2020
- New Identity REST APIs
- The new Identity REST APIs allow you to manage users, teams, and business units. You can also use these REST APIs to create API service accounts and manage API ID/key credentials.
- Updated Greenlight Scans Explore Page
- Veracode has updated the Analytics page Greenlight Scans Explore to reflect the new terminology of IDE scan (formerly known as Greenlight) and to include pipeline scan data.
- Updated Applications List View
- The All Applications page in the Veracode Platform now provides customizable columns and improved searching and filtering. Veracode is gradually releasing this feature as part of each Platform release, so it may not be immediately available to you.
- New Secure Coding Foundation eLearning Courses
- Veracode eLearning has released a new set of secure coding foundation courses:
- Secure Coding Foundations - Authentication
- Secure Coding Foundations - Authorization
- Secure Coding Foundations - Configuration and Deployment
- Secure Coding Foundations - Data Protection
- Secure Coding Foundations - Information and Error Handling
- Secure Coding Foundations - Trust Boundaries
- Secure Coding Foundations - Validation and Encoding
- eLearning User Interface Enhancements
- Veracode has improved these eLearning windows:
- Manager window you use to assign learners to a manager
- Curriculum window you use to assign learners to a curriculum
April 21, 2020
- Updated Applications List View
- The All Applications page in the Veracode Platform now provides customizable columns and improved searching and filtering.