The following topics explain how your application results are scored and presented:
- About Veracode's Methodology
  - Veracode uses multiple analysis techniques to provide a consolidated application security rating.
- About Business Criticality
  - Your application security policy is based on the application's business criticality, or the level of risk the application can tolerate based on its anticipated use.
- Scoring Methodology
  - The Veracode scoring system is based on industry standard classifications of software flaw types and exploit impact.
- Veracode and the CWE
  - Veracode uses the industry standard Common Weakness Enumeration as a flaw taxonomy.
- Understanding Severity and Exploitability
  - Severity and exploitability are different measures of the seriousness of a flaw.
- Best Practice Findings
  - Veracode can detect certain uses of security best practices.
- About Manual Assessments
  - Manual assessments may provide some additional types of information about an application's security.
These topics describe how to access different downloadable views of the application findings. The Summary Report is available for all third-party and open source applications. The Detailed Report and Detailed XML Reports are available for internally developed and maintained applications.
- Access the Summary Report
  - Download a summary version of your application's findings that does not contain detailed flaw information.
- Access the PCI Report
  - View and download a report that evaluates your application against the latest PCI standard.
- Download the Detailed XML Report
  - Download a copy of the detailed results for your application in XML format.
- Understand the Links Report
  - For DynamicDS scans, get information about the scan's coverage of your application.
- Share VAST vendor shared reports
  - VAST program vendor users can share results of their latest scans to an enterprise organization.
- Download VAST vendor shared reports
  - VAST program enterprise users can access results from vendor application scans.
If you need further assistance understanding your scan results, schedule a consultation call with Veracode Technical Support.