Requesting a Scan
Veracode supports scan processes for the following two types of applications:
- Internally developed scan workflow
  In this scenario, you own the intellectual property for the application that you want to scan and have access to the source code to remediate any detected flaws. You receive a detailed list of flaws in the application with remediation guidelines.
- Third-party scan workflow
  In this scenario, you are purchasing or have purchased the application from a third party (vendor) who controls the intellectual property for the application. The vendor has access to the source code to remediate any flaws found. You receive a summary report with a security rating and a summary of the top flaw categories found in the application, and the vendor receives a detailed list of the detected flaws with remediation guidelines.
To request a scan of your internally developed application, you must do the following:
- Create an application profile
- Specify which teams can access an application
- Choose a scan type
- Upload binaries, including dependencies (if you are doing a static scan)
- Provide DynamicDS scan parameters (if you are doing a DynamicDS scan)
- Check the status of a scan in progress
- Review the expected turnaround time
To request a scan of an application developed by a third party, you must do the following:
If you are a vendor receiving a third-party scan request, you must do the following: