Reviewing Policy Adherence

Application Security Policies

After scanning an application, the report information you receive includes a summary of how well the application adhered to the policies assigned to it. The Policy Control tab on the View Report page lists the names and descriptions of the assigned policies and details how the application met the requirements of the:

  • Veracode Level rule and any custom rules, including any blacklist rules
  • Scan requirements
  • Remediation levels

Go to View Report to see the policy controls. You can switch between two reports: the Veracode Report and the PCI Report. The Veracode Report contains details about the flaws identified in the application, policy requirements, findings and recommendations on how to fix the flaws, and mitigations.

The PCI Report contains additional lists of the security standards that the application did not meet. For each security standard specified in the policy (CERT, OWASP, and CWE/SANS Top 25), a table on the Policy Control tab lists how many flaws fall into each category of the standards the application failed.

View how many flaws failed against security standards.