The Results page provides a single point of reference for the results of all completed scans. From this page you can download reports, bookmark reports, and schedule a consultation call with Veracode Support.
Click Results in the left navigation menu to go to the Results page. The page is divided into three sections:
- Results Reports
- Policy Evaluation
- Summarized Results
From the Results page, you can download reports, bookmark reports, share results, and request a scan results consultation call with Veracode Support. In addition, you can view the Veracode and PCI Compliance reports.
Click Veracode Report or PCI Compliance Report to open these reports. The Veracode Report contains the same information as the Detailed Report that you can download from the Results page. The Veracode Report summarizes the security flaws identified during this scan and how the application fared against the associated policy controls, and outlines the Veracode recommendations. The PCI Compliance Report provides guidance on how to fix the discovered flaws to achieve PCI compliance and shows how the application performed against the PCI policy.
- Download Reports
  - Click this button to drop down the menu of reports you can download.
- Bookmark this Report
  - You can bookmark this results page, enabling you to come back to it later.
- Share this Report
  - If you have a vendor-enterprise relationship with other organizations, you can share scan results using this button.
- Schedule a Consultation
  - If you would like to receive assistance in interpreting your scan results, click this button to schedule a consultation call with Veracode.
The Policy Evaluation section of the Results page provides an overview of how the application fared against its associated policy.
The policy evaluation indicates if the application was assessed against rules, required scans, and a remediation grace period. The Veracode Level the application achieves is based on the security score it receives after the scans.
Click the scan names in the static, dynamic, and manual columns to go to the overview pages to see more details of the scan results.
The Summarized Results section of the Results page provides an excellent overview of all the flaws by severity and status, as well as a summary of the top risks and how your metrics data is trending.
At a glance, you can see the number and types of flaws the application currently contains.
| Severity | Description |
|---|---|
| Very High | The offending line or lines of code are a very serious weakness and an easy target for an attacker. The code should be modified immediately to avoid potential attacks. |
| High | The offending line or lines of code have a significant weakness, and the code should be modified immediately to avoid potential attacks. |
| Medium | A weakness of average severity. These flaws should be fixed in high assurance software. You should consider fixing this weakness after you fix the very high and high flaws for medium assurance software. |
| Low | This is a low priority weakness that will have a small impact on the security of the software. You should consider fixing these flaws for high assurance software. Medium- and low-assurance software can ignore these flaws. |
| Very Low | Minor problems that some high assurance software may want to be aware of. These flaws can be safely ignored in medium- and low-assurance software. |
| Informational | Issues that have no impact on the security quality of the application but which may be of interest to the reviewer. |
Remediation Status data shows the number of flaws found in an application, characterized by remediation status.
| Status | Scan Type | Description |
|---|---|---|
| New | Policy | The number of flaws that were not found in any previous policy scan. |
| New | Sandbox | The number of flaws that were not found in any previous scan. |
| Open | Policy | The number of flaws found in a previous policy scan. |
| Open | Sandbox | The number of flaws found in a previous scan, not necessarily within this sandbox. |
| Reopened | Policy or Sandbox | The number of flaws found in a previous scan within the sandbox or policy scan, not found in a subsequent scan within the sandbox or policy scan, but found again in the current scan. |
| Fixed | Policy or Sandbox | The number of flaws found in a previous scan within the policy or sandbox scan, but not found again in the current scan. |
| Mitigated | Policy or Sandbox | The number of flaws which were approved as mitigated by OS environment, mitigated by network environment, and mitigated by design. |
| Potential False Positive | Policy or Sandbox | The number of flaws which were approved as a potential false positive. |
Trend Data shows the history of the scans and their scores over time. You can hover over data points on the chart to view the name, date, and score of each scan.