Veracode assigns a severity level to each CWE that scans discover. You can customize these levels by assigning a CWE a higher or lower severity than the Veracode standard. Custom severities apply immediately, changing the results of the latest scan for all applications that are assigned this policy.
- Click Veracode Platform. at the top of the
- Select the policy you want to change.
- In the Custom Severities section at the bottom of the Edit Policies page, select Use Custom Severities.
- Click Add Custom Severity.
- Select the CWE whose severity level you want to change.
- From the Custom Severity dropdown menu, select the new severity level.
- Click Save.
The severities you have customized now appear in the table.
You cannot deselect Use Custom Severities until you delete each individual severity in this table by clicking the X icon to the left of the CWE. Only users with the Policy Administrator role can see the custom severities. Custom severities do not apply to flaws discovered during manual penetration testing.