The assessment summary report shows how many modules were included in the static scan analysis, how many call sites were in the modules, and how many of those call sites are vulnerable.
The summary lists the statistics on the number of call sites scanned for each flaw category. You can use this information to gain confidence in completeness of the results in high quality applications where the majority of high and very-high flaws are already remediated. A call site is the area in the code that Veracode scans for dangerous flaws to determine which call sites are vulnerable to various flaw categories. There may be more call sites for each subcategory than there are unique call sites because Veracode analyzes each call site for CWEs in each subcategory.
- Go the Results:Latest page of the application.
- In the left navigation pane, click View Report.
- In the Executive Summary section, click Assessment Summary.
The assessment summary opens in a new window.
The statistics are divided by CWE category, indicating what kind of vulnerabilities you have.