Some applications may be subject to Payment Card Industry (PCI) criteria such as PCI-DSS and PA-DSS. Veracode provides the ability to evaluate any application against the PCI standards via the PCI report.
Veracode supports testing applications in scope of PCI-DSS Version 3.2.1, sections 6.1, 6.3.2, 6.5, 6.6, and 11.3.2, and of PCI PA-DSS Version 3.2, sections 5.1.4, 5.2, 7.1.1, 7.1.2, and 7.1.3. Veracode implements the guidance provided in these sections of the PCI 3.2.1 standard. That guidance recommends evaluating applications against the OWASP Top 10, CWE/SANS Top 25, CERT Secure Coding, and other standards, and expressly requires that an application be free of High or Very High Severity flaws. You can view the details of how an application is evaluated against these standards in the Policy section of the PCI Report.
To access the PCI Report:
- Click View in the Results column of the Applications list to open the results page for your application.
- Click PCI Compliance Report at the top of the page. The platform opens the PCI Report view.
- To download a PDF copy of the report, click the download icon at the top-right of the page.
- Select Veracode PCI 3.2.1 Report (PDF) from the Download Report popup and, if necessary, select the scan type to include in the report.
- Click Download.