Using DynamicDS Vulnerability Rescan

Results and Reports

Veracode DynamicDS can rescan previously found vulnerabilities, providing a rapid workflow that saves time and effort and ensures consistency in vulnerability reporting.

This feature provides you with high-level vulnerability reporting and reports the remediation trends to the business. In addition, vulnerability rescanning provides developers with rapid feedback that the fixes are successfully remediated in the web application.

After you scan your application using DynamicDS, Veracode creates an inventory of the flaws found during the scan. The inventory updates each time you rescan the same application. The DynamicDS Vulnerability Rescan feature enables you to rescan just the flaws that Veracode found in a previous DynamicDS scan of the application to see if the flaws are fixed, saving you time. The flaw inventory provides you with an at-a-glance view of the status of all the flaws found in the application.

Using the Flaw Inventory

After the first DynamicDS scan of an application, go to the flaw inventory in the left navigation pane to see the flaws that Veracode found.

The flaws are categorized by:
Veracode found these flaws in the most recent DynamicDS scan. During a rescan, it is possible that a new flaw is introduced while fixing a previous flaw found in the same location.
These previously discovered flaws are not fixed or were fixed but found again in a subsequent scan.
Cannot Reproduce
The DynamicDS scan engine was not able to reach the page where this flaw was previously found, due to network error, scan-time completion, or redirection.
These flaws are now fixed.

Rescanning Flaws

The flaw inventory helps you understand which flaws you have fixed and which ones are still open. You can you choose to perform a rescan of only the flaws that are still open or have recently reopened.

To rescan an applications:
  1. From the application overview page, select Rescan from the action dropdown menu.

  2. On the Scan Options screen, select Vulnerability rescan: Scan only the links with vulnerabilities from previous scans to scan only the flaws found in the previous scan.

  3. Click Run Prescan Now.

The DynamicDS scan continues as a normal scan and you can start it after a successful prescan or schedule it for a future date. The results of the scan update the list of flaws in the flaw inventory so you can see which open flaws are now in the fixed column.

All vulnerability rescans have the prefix "Vulnerability rescan" at the beginning of the scan name so that you can distinguish the full rescans from the vulnerability rescans.