Accepting a Third-Party Scan Request

Third-Party Application Security Testing

If a Veracode customer requests an assessment of your code through the third-party scan process, you are first asked to review the request and confirm that you can provide the code requested before uploading code for a static scan and/or providing information for a DynamicDS scan. You must have the Veracode Security Lead role or be a member of the team associated with the application to accept a third-party scan request. If you do not yet have this role, contact Veracode Support.

Locating the Third-Party Scan Request

When you log into the Veracode Platform, go to My Portfolio > Applications. The requested application is in your applications list with a status of Agreement Pending. To accept the third-party scan request, click the application name to open the application overview.



Accepting the Third-Party Terms

You must have the Veracode Security Lead role or be a member of the team associated with the application to accept the terms for fulfilling a third-party scan request. If you do not yet have this role, contact Veracode Support.

If this is the first time you are fulfilling a third-party scan request:
  1. Review all the information in the Accept Third-Party Request page and click the checkbox that indicates that you agree to the scan results being shared with the requesting customer.
  2. Click Continue to proceed with the application scan request.


Accepting the Third-Party Scan Request

You must have the Veracode Security Lead role or be a member of the team associated with the application to accept a third-party scan request.

If you have accepted a third-party scan before:
  1. Click Accept Request. If you have more than one scan type requested, you also have to select the type of scan. The Accept Third-Party Request page opens, showing the information requested by the Veracode customer. The page includes information about the policy against which the application will be assessed. You can view details about the policy by clicking the information icon () next to the policy name.
  2. Review all the information and check the Sharing Results checkbox.
  3. Click Continue.
  4. Depending on which type of scan is requested, the relevant scan configuration page opens.


Note: If the application information is incorrect (for instance, the Veracode customer is requesting an incorrect version or platform for the application), or if you have questions about the Veracode Assessment Agreement, please contact Veracode support to address the issue.