Using Vulnerabilities Data

Software Composition Analysis

The Vulnerabilities tab lists all the vulnerabilities in your portfolio by CVE and severity rating.

This tab provides detailed information on all the known vulnerabilities in your portfolio. It sorts the vulnerabilities by severity, and lists the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) IDs. Each severity is counted and described. The description field provides links to the affected applications and components.

Use the filter function to list applications by CVE ID, application name, component, or any combination of these filters. If you switch tabs after filtering data, the same filter is applied to the content in the new tab unless you clear the filter. Click the CVE or CWE ID link in the table to navigate to the National Vulnerability Database (NVD) to view additional CVE or CWE ID information.

Vulnerability Updates

Veracode updates the vulnerabilities list every Monday and Wednesday between 12:00 PM and 10:00 PM ET to reflect any changes in the National Vulnerability Database, so that it provides the latest information on third-party component vulnerabilities in your applications. In turn, SCA results and related dashboards, such as Governance, Risk, and Compliance (GRC) systems, are updated to reflect any new vulnerabilities. You do not need to rescan your applications to reflect the latest vulnerability changes. Veracode recommends that you review your SCA policy compliance after every vulnerability update.

Veracode also sends an email to users when a newly identified or upgraded vulnerability affects your policy. To receive SCA email notifications, navigate to Your Account Settings, enter your email address, and select "I wish to receive email notifications when a newly identified vulnerability or change in severity causes my application to violate policy."
Note: The link to the Veracode Platform provided in the email notification is only accessible to users with the Security Lead role.