Veracode Browser Requirements

Getting Started Guide

Veracode designs the Veracode Platform for the following browser configurations:

  • Modern browser (see below for specifically tested browsers)
  • Minimum 1280x1024 resolution for full display of all content
  • HTML5 for using the Source Code View in Triage Flaws
  • Flash required to use eLearning courses and Analytics
  • PDF reader required for accessing PDF exported reports
Note: The Veracode Platform does not have access to the source code for the application, and the source code is not uploaded to the Veracode Platform when you view it in the Source Code View.

Tested Browsers

Veracode recommends the use of a browser that supports HTML5, but has tested:

  • Chrome (latest)
  • Firefox (latest)
  • Internet Explorer 11
  • Safari (latest)

Internet Explorer 10 is no longer supported. Other modern browsers likely work for most functions but may have issues with specific functionality. Browsers older than the specified versions may experience significant appearance or functionality degradation.

Veracode supports the following secure server ciphers:
  • Accepted TLSv1 256 bits ECDHE-RSA-AES256-SHA
  • Accepted TLSv1 256 bits AES256-SHA
  • Accepted TLSv1 168 bits ECDHE-RSA-DES-CBC3-SHA
  • Accepted TLSv1 168 bits DES-CBC3-SHA
  • Accepted TLSv1 128 bits ECDHE-RSA-AES128-SHA
  • Accepted TLSv1 128 bits AES128-SHA
If your browser does not support any of these ciphers, you will not be able to access the Veracode Platform.

Web Traffic Filters

If your organization filters web traffic, your organization must open connections to Veracode websites to access the Platform and use Veracode products.

Required Sites

To access all Veracode Platform functionality, your organization must whitelist the following sites:

Recommended Sites

Veracode recommends that your organization also whitelists the following sites:

https://web.veracode.io

Using Java

For security reasons, Veracode does NOT recommend the use of Java. Browsers that have built-in HTML5 perform faster and keep you safe from malicious Java plugins. For customers using legacy browsers that do not support the full HTML5 feature set, Veracode provides a legacy Java plugin to allow the use of the Source Code View. Please note that Veracode does not plan to provide any future enhancements to the Source Code View experience in the Java plugin, and recommends that you upgrade to a more modern and secure browser.

If you cannot upgrade to an HTML5-supported browser, you can do one of the following to improve security:
  • Disable Java in your browser and do not use the Source Code View
  • Use the Veracode Eclipse or Visual Studio plugins
  • Leave Java enabled in your browser and configure a whitelist of trusted sites that are allowed to use Java (the least secure option).

Tested Java Versions

The Veracode policy is to certify the Java applets contained in each release of the Veracode Platform. Two weeks prior to the scheduled release date, which is normally the last Thursday of every month, Veracode performs this certification using the most recent Java Runtime Environment available.