Improve Application Security Quality

Results and Reports

Once you have the report for your application, you can improve its security quality through using the Veracode Platform:

Develop a remediation plan
The Veracode Triage flaws page and associated reports provide actionable guidance on which flaws to fix in which order to get the fastest improvements in security.
Review static flaws
A developer can use the Triage Flaws page to review static flaws in the context of the application source.
Review DynamicDS flaws
Dynamic flaws have additional information available in the Triage Flaws page.
Review the assets in your web inventory
Search for a specific flaw in the Triage Flaws page
You can use many criteria to find subsets of flaws in the Triage Flaws page.
Mitigate flaws
Development teams can manage the flaw mitigation workflow to manage the process of fixing security vulnerabilities.
Review a third-party application as the vendor
Request the scan results for a third-party application.
Evaluate your third-party components
Use Software Composition Analysis to review the vulnerabilities in your third-party components.
Submit a new scan for confirmation
Once the improvements have been made, you should submit a new scan request for the application to verify your fixes.
Verify fixed flaws through reports
Specific features in Veracode reports help you verify that you have fixed the flaws.
Create WAF rules to protect your web applications
Use your scan results to create web application firewall rules that detect more vulnerabilities and improve scan results.
Use Veracode Analytics to manage application risk.
Veracode Analytics provides a view of your application risk and compliance across your entire application portfolio, and allows comparing your applications to those of other Veracode customers.
Supported cleansing functions
Use one of the cleansing functions that are recognized by Veracode static scans if you want Veracode to verify your fix.
Download an Archer feed of your application data
Use the Archer API to integrate your Veracode application risk data with the Archer dashboard.