Before starting a Veracode Dynamic Analysis, read this important information and perform the following prerequisite verifications.
- Provide access to the Veracode IP address range: To enable Veracode to perform scans,
your application must be accessible from the Veracode IP address 18.104.22.168. This access may
require creating a staging or test environment to host your application, make configuration
changes to your firewall rules, and perform other IT activities. When running a Dynamic Analysis, you see traffic coming from this IP address, therefore, you must whitelist it. This IP
address is different from the Veracode IP address range used for DynamicMP scans. Note: Contact Veracode Support or your Veracode account manager to address specific details of your environment as you may have to resolve any issues on a case-by-case basis.
- Verify connectivity: Ensure the target URLs you want to scan are externally accessible and the login and password for access to the websites are accurate before you start a Dynamic Analysis. After you submit the scan, Veracode performs a connection and login verification, if a login is configured.
- Verify user roles: You must have the Creator, Submitter, or Security Lead role to be able to create, configure, or submit a Dynamic Analysis. Any member of the team associated with the Dynamic Analysis is able to view the analysis and its results.