Choosing a Scan Type

Getting Started Guide

Veracode offers portfolio and application scans as an integral part of any company-wide security policy. You can use Veracode to enforce consistent application security policies across your entire inventory of applications, both those that you develop and third-party applications.

Portfolio Scans

Portfolio scans analyze the perimeter that your software applications create around your business processes, and investigate the limitations of your application security and potential threats to your company.

Discovery Scans
Analyze your application perimeter and perform focused searches for web applications within a defined IP address range or list of known hosts, then provide you with a detailed listing of the applications found.
DynamicMP Scans
Perform massively parallel scans, rapidly and simultaneously analyzing multiple web applications to establish a security baseline of your application perimeter.

Application Scans

Application scans deeply analyze individual applications and provide a detailed report on the discovered flaws and remediation guidance. There are three types of application scans. Veracode recommends both static and DynamicDS scans for web applications with very high, high, or medium business criticality. Using all scan techniques increases the completeness and depth of analysis for your application.

Static Scans
Perform deep analyses in an offline environment of compiled or ready-to-deploy web, enterprise, desktop, or mobile applications to detect security flaws in the underlying code. Static scans create a model of the entire application and analyze its data and inter-procedural flow, and are ideal if you have access to the compiled code for your web or back-office (non-web) applications.
Dynamic Scans
Perform deep analyses of web applications, using customized scan, crawl, and authentication settings to establish a deep understanding of the vulnerabilities of a single web application. Dynamic scans simulate malicious user behavior and detect potential attack points by crawling the application and checking whether intended functionality can be misused. This type of scan is necessary if the web application and its security are critical to your business.
Manual Penetration Testing
Leverage and extend the findings identified by automated static and dynamic assessments to uncover unforeseen design issues within an application.
You can start an application scan from the Scans & Analysis menu. After you choose a scan type, select the application that you want to scan from the list. Then click the Start a Scan button and choose a scan type to begin the analysis.

Scan Permissions

You must have the Creator, Submitter, or Security Lead role to be able to start a scan. You must also have the specific permission to submit each type of scan. Click Your Account in the top-right of the Veracode Platform to review your scan permissions. Contact the Veracode administrator in your organization if you want to request further permissions.