December 10, 2019
- New Workflow for Managing Policies
- The Veracode Platform now includes a more streamlined policy management workflow. This update simplifies the process of creating and editing application policies.
December 7, 2019
- Authentication Upgrade
- Veracode has upgraded its back-end authentication functions for user access to the Veracode Application Security Services products. You will receive a prompt to update your security question and answer pair and your multifactor authentication (MFA) method, if your account requires MFA.
- Updated MFA Support
- Veracode now supports using Google Authenticator, FIDO2, and WebAuthn for MFA. Administrators can assign MFA requirements to users in their organization, prompting them to set up MFA the next time they log in.
- Veracode no longer supports RSA tokens. Please mail your RSA tokens to Veracode for recycling at this address:
- Attn: IT Support
- 65 Network Drive
- Burlington, MA 01803
- To receive a free shipping label from Veracode, contact Veracode Technical Support at firstname.lastname@example.org.
November 25, 2019
- Basic Authentication Obsolete
- Veracode no longer supports basic authentication for Veracode integrations and API calls. All automation or ad hoc queries configured to use basic username and password authentication now fail. All integrations and APIs now require HMAC authentication.
- Promoted Scan Attribute in Veracode Analytics
- Veracode Analytics now allows you to filter your data to only include results from scans promoted from sandbox to policy.
November 6, 2019
- New Video - Create a Custom Policy in the Veracode Platform
- This video shows you how to create a custom policy in the Veracode Platform.
November 4, 2019
- Veracode Analytics Provides Mitigation Details
- Veracode Analytics now provides details of your most recent mitigation actions. This enhancement enables you to build reports or graphs on the most recent proposal, acceptance, or rejection of a mitigation. Additional mitigation details include the date or time of the mitigation action, the associated comment, and the username of the person who took the action. This new data enables you to better inspect and improve your use of mitigations to address security findings that Veracode discovers. If you do not use Veracode Analytics, the same level of detail is also provided if you have purchased the Veracode Mitigation Proposal Review (MPR) service.
- Veracode Analytics Adds Module Name Dimension
Veracode Analytics now provides the name of the module where the finding was most recently seen. This dimension enables you to better focus your remediation efforts and finds trends in your Veracode Static Analysis results.
October 9, 2019
- Configurable Policy Notifications
- Veracode now provides the option to subscribe to and unsubscribe from notifications for events related to your policies, such as upcoming scan requirements, grace period expirations, and new policy assignments.
October 5, 2019
- Retired Basic Authentication for APIs and Integrations
- Veracode has retired basic authentication for Veracode integrations and XML APIs.
Basic authentication consists of only a username and password. If you have not already
moved to API ID and key authentication, complete these steps:
- Generate API ID and key credentials for your Veracode Platform account.
- Configure your integration to use API ID and key credentials. This step applies to
officially supported Veracode integrations and custom-scripted integrations.
Note: The Veracode Java and C# API wrappers support API ID and key credentials. For other custom integrations, you must include HMAC signing in your script.
- Python Authentication Library Supports Python 3
- The Python authentication library, which Veracode uses for HMAC authentication, now supports Python 3. You can download and install the library from the Python Package Index (PyPI).
- Scan Requirements Cause Applications to Fail Policy
- Applications now fail policy if they fail the scan frequency requirement, regardless of the remediation grace period allowed in the policy.
- Discontinued Curriculum Self-Assignment for eLearning
- Veracode has removed the option for Veracode administrators to allow eLearning users in their organization to assign their own curriculum.
- XML API Report Calls Indicate Accessibility of Software Composition Analysis Results
The detailedreport.do and summaryreport.do XML APIs now include the SoftwareCompositionAnalysis attribute, which provides information on the accessibility of Software Composition Analysis (SCA) results for an application. The attribute indicates whether there is an error, such as a network issue, preventing access to the SCA results or the results are no longer available.