Blacklisting Components


The blacklist is the set of third-party software components that your organization prohibits from use in its applications.

Users with the Security Lead role can maintain a list of third-party software components that are known to contain unacceptable security vulnerabilities. When a Veracode scan finds a blacklisted component in an application, the scan results report a policy violation for it. To resolve the violation, replace or upgrade the vulnerable component, or mark the violation as mitigated. Note that marking a violation as mitigated records your justification for accepting it; it does not remove the vulnerable component from the application.

Adding Components to a Blacklist

When reviewing the components that make up a software application, you can add any component that contains an unacceptable vulnerability to the blacklist. You must have the Security Lead role to add components to the blacklist.

To add components to a blacklist:
  1. Go to Scans & Analysis > Software Composition Analysis.
  2. Find the component that you want to blacklist, and in the Blacklist column, move the switch from OFF to ON.
  3. Optionally, in the Blacklisted Component popup, enter the remediation advice that developers should follow to fix the vulnerability (for example, the version to upgrade to or a replacement component).
  4. Click Save.


You can change the remediation advice for any component at any time by clicking Edit at the end of the remediation advice line and changing the text in the Blacklisted Component popup.
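As an added example (not Veracode's own code or API), the following Python script shows the kind of check a scan performs against a blacklist: it matches a component inventory against entries that carry a version range and remediation advice, reports each match as a policy violation, and marks a violation as mitigated when a justification has already been recorded for that exact component and version. The component names, versions, blacklist entries and mitigation text are constructed sample data, and the version-matching rules are an assumption made for illustration; this page does not describe how Veracode matches components.

```python
"""Local blacklist check for third-party components.

Added illustration only; this is not Veracode code and does not call the
Veracode platform.  All component names and versions below are constructed.
"""
import operator
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class BlacklistEntry:
    name: str          # component name, compared case-insensitively
    affected: str      # version spec: "*", "==1.2.3", "<2.0.0", ">=1.0,<1.4"
    remediation: str   # advice shown with the violation


@dataclass
class Violation:
    component: str
    version: str
    remediation: str
    mitigated: bool = False
    justification: str = ""


_OPS = {"==": operator.eq, "<": operator.lt, "<=": operator.le,
        ">": operator.gt, ">=": operator.ge}
_CLAUSE_RE = re.compile(r"^(==|<=|>=|<|>)\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text):
    """Turn a dotted numeric version such as '2.17.1' into a comparable tuple.

    Only purely numeric versions are supported (an assumed simplification);
    anything else raises ValueError so the caller can decide what to do.
    """
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in text.split("."))


def version_matches(version, spec):
    """Return True if `version` satisfies every comma-separated clause in `spec`.

    '*' matches any version.  A version that cannot be parsed is treated as
    affected (fail closed): an odd version string in the inventory must not
    silently hide a blacklisted component.
    """
    if spec.strip() == "*":
        return True
    try:
        v = parse_version(version)
    except ValueError:
        return True
    for clause in spec.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"bad version spec clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def check_components(inventory, blacklist, mitigations=None):
    """Return one Violation per inventory component matched by the blacklist.

    `inventory`   iterable of (name, version) pairs found in the application
    `blacklist`   iterable of BlacklistEntry
    `mitigations` dict mapping (lowercase name, version) -> justification text
    """
    mitigations = mitigations or {}
    violations = []
    for name, version in inventory:
        for entry in blacklist:
            if entry.name.lower() == name.lower() and version_matches(version, entry.affected):
                just = mitigations.get((name.lower(), version), "")
                violations.append(Violation(name, version, entry.remediation, bool(just), just))
                break  # report a component once even if several entries match
    return violations


def fails_policy(violations):
    """A build fails policy while any violation is still unmitigated."""
    return any(not v.mitigated for v in violations)


# Constructed sample data: none of these components or versions are real findings.
BLACKLIST = [
    BlacklistEntry("example-xml-parser", "<1.4.0",
                   "Upgrade example-xml-parser to 1.4.0 or later."),
    BlacklistEntry("legacy-crypto-lib", "*",
                   "Remove legacy-crypto-lib and use the platform crypto provider."),
]
INVENTORY = [
    ("example-xml-parser", "1.3.2"),
    ("example-xml-parser", "1.4.0"),
    ("Legacy-Crypto-Lib", "0.9"),
    ("json-utils", "3.1.0"),
]
MITIGATIONS = {
    ("legacy-crypto-lib", "0.9"): "Only loaded by an offline test harness; removal scheduled.",
}

if __name__ == "__main__":
    found = check_components(INVENTORY, BLACKLIST, MITIGATIONS)
    for v in found:
        state = "MITIGATED" if v.mitigated else "OPEN"
        print(f"[{state}] {v.component} {v.version}: {v.remediation}")
    print("policy:", "FAIL" if fails_policy(found) else "PASS")
```

The mitigated violation is still listed in the output; only the open one makes `fails_policy` return True. That mirrors the point above: marking a violation as mitigated accepts the risk for that component and version, it does not remove the component, and a new version of the same component is matched afresh.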