Managing Policies

Application Security Policies

The Veracode Platform enables you to create an application security policy against which you can evaluate and measure your applications. The elements of an application security policy may include:

  • The target Veracode Level for the application.
  • Types of findings that should not be in the application. You can restrict findings by severity, CWE category, CWE ID, or a common standard, such as OWASP, OWASP Mobile, SANS Top 25, or PCI.
  • Minimum Veracode security score.
  • Required scan types and frequencies.
  • Grace period within which you must fix any policy-relevant findings.

You can create, edit, or delete a policy. You must have the Policy Administrator role to perform policy maintenance activities.

Note: You are not required to create custom policies because the Veracode Platform includes two sets of default policies that you can choose from when implementing your security policy.