Reviewing a Third-party Application as the Vendor

Results and Reports

In a third-party application scan request, a Veracode customer (enterprise) requests summary results of an application scan from another party (the vendor). The vendor receives the detailed results from Veracode, and may propose and approve mitigations for any flaws in the report at any time. If the enterprise has already received the summary results, their report is automatically updated with new approved mitigations.

In some cases, the vendor and enterprise may agree to let the vendor review and mitigate results before the enterprise receives the summary results. In these cases, the vendor may be asked to publish the results to the enterprise once they are ready. A security lead in the vendor account may publish results to the enterprise as follows:

  1. Open the application overview for the application whose results are to be published to the enterprise. You can access the application overview from the Applications list by clicking the application name.
  2. Click the Publish to Enterprise button. The application status changes to Published to Enterprise.