The Veracode Platform enables you to create an application security policy against which you can evaluate and measure your applications. The elements of an application security policy may include:
- The target Veracode Level for the application.
- Types of findings that should not be in the application. You can restrict findings by severity, CWE category, CWE ID, or a common standard including OWASP, OWASP Mobile, SANS Top 25, or PCI.
- Minimum Veracode security score.
- Required scan types and frequencies.
- Grace period within which you must fix any policy-relevant findings.

Note: You are not required to create custom policies because the Veracode Platform includes two sets of default policies that you can choose from when implementing your security policy.