Components on the blacklist are pieces of third-party software code that the organization prohibits.
Users with the Security Lead role can create a list of third-party software components that are known to contain unacceptable security vulnerabilities. When Veracode finds blacklisted components in applications during a scan, the scan results report a scan policy violation. You can label the policy violations as mitigated, or you can replace or fix the vulnerable component.
Adding Components to a Blacklist
When reviewing the components that comprise a software application, you can add any component that contains an unacceptable vulnerability to the blacklist. You must have the Security Lead role to add components to the blacklist.
- Go to .
- Find the component that you want to blacklist, and in the Blacklist column, move the switch from OFF to ON.
- Optionally, in the Blacklisted Component popup, you can enter the remediation advice you want to provide for fixing the vulnerability.
- Click Save.
You can change the remediation advice for any component at any time by clicking Edit at the end of the remediation advice line and changing the text in the Blacklisted Component popup.