Veracode Application Security Platform Release Notes

June 29, 2020

New Accept the Risk Mitigation Type
Veracode now allows you to resolve a finding by stating that your business is willing to accept the risk associated with that finding. This mitigation type allows you to track and report the risk while continuing to maintain the mitigation and resolution approval process. Veracode updated the mitigationinfo.xsd file to include this mitigation type.

June 27, 2020

Veracode Policies Now Support 2019 CWE Top 25 Security Standard
Veracode updated the PCI security standard in the Veracode Platform to include the 2019 CWE Top 25 Security Standard, previously called the SANS Top 25 standard. Applications with findings included in the new standard may fail the PCI policy or PCI standard requirement as a result. Veracode applies the update to applications upon rescan.

Enhancements to eLearning Curriculum Creation
Veracode has improved the user interface for creating an eLearning curriculum to make it easier for administrators to identify courses to add to a curriculum. The new user interface now includes the length and description of each course. When selecting courses, the administrator can also use a checkbox to make courses required.

June 16, 2020

Veracode Analytics Provides Ignored Issue SCA Data
Veracode Analytics now supports SCA agent-based scan issue data about ignored issues, including details of when a user ignored an issue and the username for the user who ignored the issue.

June 11, 2020

New Sandbox Attributes Added to Veracode Analytics
Veracode Analytics now provides attributes for tracking sandbox usage. You can view sandbox expiration dates and determine if the Veracode Platform sandboxes are configured for Veracode to automatically recreate them after expiration.

New Dynamic Analysis Dimensions Available in Veracode Analytics
Veracode Analytics now provides the Dynamic Analysis fields Path and Vulnerable Parameter, which allow you to better focus and prioritize your remediation efforts.

June 8, 2020

SCA Agent Data Available in Veracode Analytics
The Software Composition Analysis (SCA) dashboard is updated in Veracode Analytics to reflect recommended charts for tracking your use of SCA agent-based and upload-and-scan workflows. In addition, Veracode Analytics provides two new explores for SCA agent data: SCA Agent Issues and SCA Agent Scans. These explores enable you to create your own charts and dashboards, providing a better understanding of your open-source risk.

June 2, 2020

Bulk Actions for eLearning Administrators

Veracode eLearning administrators can now apply actions, including assigning learners to tracks or curricula and enabling automatic track extensions, to multiple users at once. This enhancement simplifies the process of onboarding and managing eLearning users.

May 28, 2020

Update to Industry Values in Application Profile
Veracode has updated the values for industries in application profiles to more accurately reflect the market. Because applications include industry values to help inform the Veracode State of Software Security report, this change affects the createapp.do and updateapp.do XML API calls.
If you have a script coded with an expected value for the industry field, please update your script to reflect the updated values or use the default value already provided.

May 13, 2020

Analytics Scan Frequency Requirements Data

Veracode Analytics now provides visibility into scan frequency requirements for an application. These requirements include the frequency mandated by the policy, upcoming scan due dates, and any past due dates.

May 7, 2020

New Team Admin Role
Veracode has added the new Team Admin user role that an administrator can grant to users. With the Team Admin role, you can create, edit, and delete users within the teams you manage. This new role makes it easier for organizations to manage permissions for a large number of users.

New Mitigation Type
Veracode has added the mitigation type Mitigated - Referred to Library Maintainer, which you can use when proposing mitigations. It lets you classify findings related to libraries developed by another development team, such as a team that builds libraries in-house but may not own the application Veracode is scanning.

April 30, 2020

New Identity REST APIs
The new Identity REST APIs allow you to manage users, teams, and business units. You can also use these REST APIs to create API service accounts and manage API ID/key credentials.

Updated Greenlight Scans Explore Page
Veracode has updated the Analytics page Greenlight Scans Explore to reflect the new terminology of IDE scan (formerly known as Greenlight) and to include pipeline scan data.

Updated Applications List View
The All Applications page in the Veracode Platform now provides customizable columns and improved searching and filtering. Veracode is gradually releasing this feature as part of each Platform release, so it may not be immediately available to you.

New Secure Coding Foundation eLearning Courses
Veracode eLearning has released a new set of secure coding foundation courses:
  • Secure Coding Foundations - Authentication
  • Secure Coding Foundations - Authorization
  • Secure Coding Foundations - Configuration and Deployment
  • Secure Coding Foundations - Data Protection
  • Secure Coding Foundations - Information and Error Handling
  • Secure Coding Foundations - Trust Boundaries
  • Secure Coding Foundations - Validation and Encoding
These courses cover application security practices and associated vulnerabilities.

eLearning User Interface Enhancements
Veracode has improved these eLearning windows:
  • The Manager window, which you use to assign learners to a manager
  • The Curriculum window, which you use to assign learners to a curriculum

April 21, 2020

Updated Applications List View
The All Applications page in the Veracode Platform now provides customizable columns and improved searching and filtering.